Phishing campaigns — where a fraudulent website or email is made to look like it comes from a legitimate source — have caused a huge amount of destruction, leading to untold numbers of virus infections and money lost through scams. Google has just rolled out a powerful way to fight phishing in its Chrome browser, however, and it could help you avoid falling victim.
As part of Chrome’s 15th anniversary update, Google will be pushing its Enhanced Safe Browsing feature to all users in the coming weeks. This checks website URLs against a list of malicious sites stored on Google’s cloud servers, all in real time. If a match is found, the website is blocked and a warning is displayed to users.
Previously, Enhanced Safe Browsing was an optional feature that could be manually enabled in Chrome’s settings. Now, however, it is going to become the default way to add protection against phishing attacks while using Chrome.
That’s because Google will soon discontinue its old phishing protection feature called Safe Browsing. This ‘non-enhanced’ version stores a list of malicious websites locally on your computer and checks visited sites against that list. The problem with this approach is that the local list can’t flag phishing websites that launched after it was last updated.
Google says that Safe Browsing’s database is updated every 30 to 60 minutes, but that’s not enough to keep you safe. According to a Google blog post, “60% of [phishing websites] exist for less than 10 minutes, making them difficult to block.” By switching to Enhanced Safe Browsing, Google says “we expect to see 25% improved protection from malware and phishing threats.”
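The gap between a 30 to 60 minute update cycle and a site that lives for 10 minutes can be made concrete with a small timeline model. The following is an added example, not code from Google or Chrome: it assumes the local list syncs at fixed intervals, that a real-time lookup sees a site as soon as it is flagged, and that the site stays up for a fixed number of minutes after being flagged (all function names are hypothetical).

```python
"""Simplified timeline model of list freshness (constructed, not Chrome's code)."""
import math


def first_sync_after(flag_minute, sync_interval):
    """Minute of the first local sync that contains an entry flagged at flag_minute.

    Assumption: syncs happen at 0, interval, 2*interval, ... and a sync
    picks up every entry flagged at or before that minute.
    """
    return math.ceil(flag_minute / sync_interval) * sync_interval


def protected_minutes(flag_minute, lifetime, sync_interval):
    """Return (local, realtime): minutes the site is up AND blocked by each check."""
    takedown = flag_minute + lifetime
    # The local list only blocks once a sync has delivered the entry.
    local = max(0, takedown - first_sync_after(flag_minute, sync_interval))
    # A real-time lookup blocks from the moment the site is flagged.
    realtime = takedown - flag_minute
    return local, realtime


def sweep(lifetime, sync_interval):
    """Flag one site at every minute of a sync cycle and aggregate the results."""
    ever_blocked = local_total = realtime_total = 0
    for flag_minute in range(sync_interval):
        local, realtime = protected_minutes(flag_minute, lifetime, sync_interval)
        ever_blocked += local > 0
        local_total += local
        realtime_total += realtime
    return {
        "sites": sync_interval,
        "ever_blocked_locally": ever_blocked,
        "local_coverage": local_total / realtime_total,
    }


if __name__ == "__main__":
    # 10-minute lifetime, checked against both ends of the 30-60 minute range.
    for interval in (30, 60):
        result = sweep(lifetime=10, sync_interval=interval)
        print(f"sync every {interval} min: "
              f"{result['ever_blocked_locally']}/{result['sites']} sites ever blocked locally, "
              f"{result['local_coverage']:.0%} of the real-time protected minutes")
```

In this model most sites are taken down before any sync delivers their entry, so the local list never blocks them at all, while the real-time check covers their whole flagged lifetime.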
Discontinuing the old Safe Browsing feature and switching everyone to Enhanced Safe Browsing means you don’t need to rely on an outdated bank of nefarious websites, reducing the number of phishing attempts that go undetected. It follows other efforts from Google to fix vulnerabilities much faster than before.
However, Enhanced Safe Browsing comes with a potential privacy trade-off. Because it uses a database stored on Google’s servers rather than on your local machine, every URL you visit is sent to Google for checking.
According to Bleeping Computer, “The feature will also send a small sample of pages to Google to discover new threats,” while “the transferred data is also temporarily linked to your Google account to detect if an attack targets your browser or account.”
There is concern that Google could use this data for advertising purposes, given the search giant’s history of harvesting customer data and other questionable tactics. However, Google told Bleeping Computer that no data submitted through Enhanced Safe Browsing will be used for advertising or anything other than phishing protection.
Google says that all users will start being moved over to Enhanced Safe Browsing “in the coming weeks.” If you use Google Chrome, you could soon get a new tool in the fight against phishing — provided it respects your privacy.