Google's 'Safe Browsing' To Begin Protecting Against Social Engineering Attacks

Google announced that it will start blocking the so-called “social engineering attacks” through its “Safe Browsing” service. The type of attacks it will stop are things such as deceptive download buttons or image ads that try to trick you into installing malware-infected software.

Safe Browsing is used by Google’s own Chrome browser, as well as Mozilla’s Firefox and Apple’s Safari browsers, which means over one billion people benefit from its protection. The service was initially built to block known malware-infected domains in order to stop the infections from spreading to other web users, as well as phishing sites that try to steal users’ personal information by looking like clones of real web sites.

As Google’s Artificial Intelligence improves, services such as Safe Browsing can become better at recognizing dangerous code on the Web and protect users more effectively without too many false positives (that is, blocking things that shouldn’t be blocked).

Social engineering is one of the most effective ways to “hack” someone’s personal information and getting their passwords, credit card numbers, phone numbers and so on. Google’s Safe Browsing will consider social engineering ads when they either:

  • Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself.
  • Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.

This can include an ad that says some software in your system needs an “update:”

It can also include ads that say it’s necessary to install a certain software before you continue:

Finally, it also includes the much-maligned fake download buttons, which are usually hard to distinguish from the real download or play buttons, even by more experienced Web users.

Google said that its fight against social engineering attacks is merely just starting and that it will continue to improve the service to increase the kind of protection Web users need.

Google also said that if web developers' websites are flagged by the service, they can troubleshoot them with the Search Console.

Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu. 

Follow us on FacebookGoogle+RSSTwitter and YouTube.

This thread is closed for comments
    Your comment
  • thundervore
    Adblock takes care of most of this stuff already. If there are no Ad buttons to click then there are no fake software to install.
  • surphninja
    I'm interested to see how this is enforced. Very often legit sites will show shady ads that try to trick users into clicking (even tom's). In fact, I'll try clicking an ad occasionally, and I can't remember the last time it went to what the ad was actually advertising. Malicious ads, even those infected with malware, are a universal problem across the web.

    More likely, this will be used to target torrent and porn sites.
  • alquix
    Adblock takes care of most of this stuff already. If there are no Ad buttons to click then there are no fake software to install.

    perhaps this is why they're doing it. Adblock hurts google, so if people could just have malicious ads removed from the beginning, they may not think to install adblock after all