Google announced that it will start blocking so-called “social engineering attacks” through its “Safe Browsing” service. The attacks it will stop include deceptive download buttons and image ads that try to trick you into installing malware-infected software.
Safe Browsing is used by Google’s own Chrome browser, as well as Mozilla’s Firefox and Apple’s Safari browsers, which means over one billion people benefit from its protection. The service was initially built to block known malware-infected domains in order to stop the infections from spreading to other web users, as well as phishing sites that try to steal users’ personal information by looking like clones of real web sites.
As Google’s Artificial Intelligence improves, services such as Safe Browsing can become better at recognizing dangerous code on the Web and protect users more effectively without too many false positives (that is, blocking things that shouldn’t be blocked).
Social engineering is one of the most effective ways to “hack” someone’s personal information and get their passwords, credit card numbers, phone numbers and so on. Google’s Safe Browsing will consider ads to be social engineering when they either:
Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself.
Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.
This can include an ad that says some software in your system needs an “update:”
It can also include ads that say it’s necessary to install a certain software before you continue:
Finally, it also includes the much-maligned fake download buttons, which are usually hard to distinguish from the real download or play buttons, even by more experienced Web users.
Google said that its fight against social engineering attacks is just starting and that it will continue to improve the service to give Web users the kind of protection they need.
Google also said that if web developers' websites are flagged by the service, they can troubleshoot them with the Search Console.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.
Adblock takes care of most of this stuff already. If there are no Ad buttons to click then there are no fake software to install.
I'm interested to see how this is enforced. Very often legit sites will show shady ads that try to trick users into clicking (even tom's). In fact, I'll try clicking an ad occasionally, and I can't remember the last time it went to what the ad was actually advertising. Malicious ads, even those infected with malware, are a universal problem across the web.
More likely, this will be used to target torrent and porn sites.
"Adblock takes care of most of this stuff already. If there are no Ad buttons to click then there are no fake software to install."
Perhaps this is why they're doing it. Adblock hurts Google, so if people could just have malicious ads removed from the beginning, they may not think to install adblock after all.
I deal with many systems that get infected because general population computer users often can't figure out which button is what and fall for the "Your Flash Player needs to be updated" fake pop-ups all the time. This may actually lower revenue for quite a few computer shops also, there won't be systems coming in with viruses and spyware as often.
I'm surprised that there does not seem to be any government regulation of online ads. TV and Radio is regulated, you put a fake claim or product on there, you will get fined. Yet you can put in all sorts of claims or misleading links online and not get blocked.
"I'm surprised that there does not seem to be any government regulation of online ads. TV and Radio is regulated, you put a fake claim or product on there, you will get fined. Yet you can put in all sorts of claims or misleading links online and not get blocked."
Governments can only regulate things in their jurisdiction. That's why China's firewall doesn't affect your browsing.
I think they'd find a great source of "training" for their AI by checking out download sites (similar to mediafire) or pretty much anything that is linked through ad.fly to get to...