Ever mistype a Web page address? Mistype the URL? Like typing “Gogle” instead of “Google.” Ever click a result from a Google search that looked like the site you wanted but took you to something else? With maybe some scary ads?
Well, these two articles (links below) are a reminder about this common way criminals seek to trick and exploit us. Much like spoofed phone caller IDs, eh.
It’s pretty common for malicious actors to lock down common misspellings of popular sites in attempts to catch people off guard when they make a mistake typing in a URL. Those sites often look like the real thing but are designed to steal a person’s credentials and other information. While Google Chrome’s experimental feature, the browser will present a dropdown panel under the URL bar. The notification draws attention to the fact that the user may be visiting a site they don’t intend to and offers to redirect them to the correct domain. That combined with Chrome’s existing warnings about unsecure sites should hopefully be enough to keep people from falling for scams.
Currently, the endless haze of complicated URLs gives attackers cover for effective scams. They can create a malicious link that seems to lead to a legitimate site, but actually automatically redirects victims to a phishing page. Or they can design malicious pages with URLs that look similar to real ones, hoping victims won’t notice that they’re on G00gle rather than Google. With so many URL shenanigans to combat, the Chrome team is already at work on two projects aimed at bringing users some clarity.
While enabling these new feature is somewhat technical, it’s good to know that Google (among others) is working on ways of making us safer on the Web. These features probably will become standard for general use this year.