Google's 'Safe Browsing' To Begin Protecting Against Social Engineering Attacks

By Lucian Armasu
published

Google announced that it will start blocking the so-called “social engineering attacks” through its “Safe Browsing” service. The type of attacks it will stop are things such as deceptive download buttons or image ads that try to trick you into installing malware-infected software.

Safe Browsing is used by Google’s own Chrome browser, as well as Mozilla’s Firefox and Apple’s Safari browsers, which means over one billion people benefit from its protection. The service was initially built to block known malware-infected domains in order to stop the infections from spreading to other web users, as well as phishing sites that try to steal users’ personal information by looking like clones of real web sites.

As Google’s Artificial Intelligence improves, services such as Safe Browsing can become better at recognizing dangerous code on the Web and protect users more effectively without too many false positives (that is, blocking things that shouldn’t be blocked).

Social engineering is one of the most effective ways to “hack” someone’s personal information and getting their passwords, credit card numbers, phone numbers and so on. Google’s Safe Browsing will consider social engineering ads when they either:

Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself. Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.

This can include an ad that says some software in your system needs an “update:”

It can also include ads that say it’s necessary to install a certain software before you continue:

Finally, it also includes the much-maligned fake download buttons, which are usually hard to distinguish from the real download or play buttons, even by more experienced Web users.

Google said that its fight against social engineering attacks is merely just starting and that it will continue to improve the service to increase the kind of protection Web users need.

Google also said that if web developers' websites are flagged by the service, they can troubleshoot them with the Search Console.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 

Follow us on FacebookGoogle+, RSS, Twitter and YouTube.

Lucian Armasu
Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
Topics
Security
5 Comments Comment from the forums
  • thundervore
    Adblock takes care of most of this stuff already. If there are no Ad buttons to click then there are no fake software to install.
    Reply
  • surphninja
    I'm interested to see how this is enforced. Very often legit sites will show shady ads that try to trick users into clicking (even tom's). In fact, I'll try clicking an ad occasionally, and I can't remember the last time it went to what the ad was actually advertising. Malicious ads, even those infected with malware, are a universal problem across the web.

    More likely, this will be used to target torrent and porn sites.
    Reply
  • alquix
    Adblock takes care of most of this stuff already. If there are no Ad buttons to click then there are no fake software to install.
    perhaps this is why they're doing it. Adblock hurts google, so if people could just have malicious ads removed from the beginning, they may not think to install adblock after all
    Reply
  • hang-the-9
    I deal with many systems that get infected because general population computer users often can't figure out which button is what and fall for the "Your Flash Player needs to be updated" fake pop-ups all the time. This may actually lower revenue for quite a few computer shops also, there won't be systems coming in with viruses and spyware as often.

    I'm surprised that there does not seem to be any government regulation of online ads. TV and Radio is regulated, you put a fake claim or product on there, you will get fined. Yet you can put in all sorts of claims or misleading links online and not get blocked.
    Reply
  • ammaross
    I'm surprised that there does not seem to be any government regulation of online ads. TV and Radio is regulated, you put a fake claim or product on there, you will get fined. Yet you can put in all sorts of claims or misleading links online and not get blocked.
    Governments can only regulate things in their jurisdiction. That's why China's firewall doesn't affect your browsing.

    I think they'd find a great source of "training" for their AI by checking out download sites (similar to mediafire) or pretty much anything that is linked through ad.fly to get to...
    Reply