Google has announced that it will now provide a warning for websites that try to trick you into doing something that may be dangerous, such as installing unwanted software via deceptive download buttons or revealing personal information.
The new policy against fraudulent websites is the next step in a line of efforts by Google against online criminal behavior:
- Safe Browsing — In 2007 Google launched its “Safe Browsing initiative”, which was aimed at protecting users from phishing and malware attacks. It provided a warning in the search results if Google knew a website to be harmful. While this initiative dealt with the most common complaints, attackers have since moved on to more complex behavior, including deceptive software downloads, that this scheme could not detect.
- Unwanted Software — While Google didn’t give an exact date when this initiative started, we suspect it was within the last 1-2 years. It has many facets, including:
  - Incorporating unwanted software into Safe Browsing warnings.
  - Chrome Cleanup Tool, which will scan and remove software that may cause issues with Chrome. This includes crashes, unwanted startup pages, toolbars or other adverts that prove difficult to remove.
  - Incorporating unwanted software as a ranking factor, effectively hiding malicious websites in the search engine results pages, or SERPs, so visitors are less likely to find those websites.
  - Disabling Google adverts that lead to websites with unwanted software.
The new announcement builds on all the previous efforts by extending Google’s social engineering policy. According to Google, embedded content, including buttons or adverts, will be classed as social engineering if they:
- Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself.
- Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.
If Google sees that a website is using deceptive practices, it will show a warning alerting you to the fact:
Do the statistics show that Google is winning?
According to Google’s transparency report, approximately one billion users use Safe Browsing. Thanks to the expansion of features in Safe Browsing late last year, we can see from the following graph (via the transparency report) that the number of warnings issued to users per week has significantly increased:
Couple that with the warnings shown in the search results for malware-infected websites:
Furthermore, looking at the number of websites deemed dangerous by Safe Browsing, it is clear that Google is making serious inroads into detecting and flagging these websites to users.
It’s hard to know whether the increase is due to a rise in the number of phishing or malware websites, or just an increase in detection. Indeed, it looks as though a decrease in detection around mid-2014 may have been down to a change in tactics by those involved in such behavior, which resulted in new methods of detection being rolled out by Google last year.
There are some more interesting statistics in the transparency report that are worth a look if you have time.
Some examples of Deceptive Content
To demonstrate what sort of practices will be caught by the new warning, Google posted some examples. The first example tries to trick the user into updating software, but may instead just be installing malware onto the user’s computer:
The next example tries to trick the user into installing software:
In other cases, adverts may be placed on websites near legitimate buttons to encourage users to download incorrect software that they believe is legitimate:
This marks just the beginning of Google’s fight to make the web safer for its users. Lucas Ballard, a member of Google’s Safe Browsing Team, commented: