A majority of us have either experienced or have run across someone who has fallen victim to a phishing scam. The result is either a hijacked email or social account to a variety of other social engineering tricks affecting their social media profiles. When a Google profile is hijacked it can come with a host of serious and dangerous side effects.

anti phishing tool

For most of us passwords are reset through our GMail accounts. Our paypal and banking sites all lean back to that account and in skilled hands, if that Google account falls, so does your other accounts. That is why Google has worked hard on setting up multi factor authentication along with other steps to enhance site security for our accounts and the web. Now they have a tool that notifies us when we are about to enter our Google credentials on a non Google login site which is a common practice for Phishing attacks.

Google’s New Anti Phishing Tool

The open sourced anti phishing tool is called “Password Alert” and is available in the Chrome Store (here). Per the app description, the tech behind the security UI is simple enough:

Password Alert also tries to detect fake Google sign-in pages to alert you before you’ve typed in your password. To do so, Password Alert checks the HTML of each page you visit to see if it’s impersonating a Google sign-in page.

Upon a successful login, the extension keeps a “salted reduced bit thumbnail in local storage”. When landing and signing into a non Google page, the extension will active and alert the user that it’s now time to stop what they are doing and change their Google password.

The app only works on Chrome but it fortunately it works for both personal and business Google accounts. So for those using Google apps for enterprise, they can easily push this across their domain and also set up a Google App Engine instance for monitoring purposes. Javascript must be enabled though for each machine to properly use the extension, but the implementation for both types of users should be otherwise seamless.

anti phishing tool

Google shared a sobering statistic when it comes to phishing attacks. They state that attacks has had a 45% success rate in recent years. Many of the larger retail attacks that we have seen and have been affected by resulted from a phishing attack. That stat is entirely too high. When it comes to our accounts and when it comes to the less tech literate among our friends and family, it’s probably a good idea to start not only coming up with security measures for ourselves, but for those around us as well. This tool is a simple means to that end.

Google has worked hard and insists that their uses take some due diligence to better improve their security. Sure it is inconveniencing to set up these features on a Google account that requires log in’s at so many times. For ROM flashers like myself, it’s a fairly large annoyance, but after having my account hijacked a few years ago, I would much rather deal with the extra steps to get to my account to ensure that no one else does.

Google posted a FAQ and a Github page for those that want to use and build on the code that’s available. They also give helpful instructions on how to install the extension for both end users as well as enterprise. For those who are interested in other security features from Google the below links will help:

 

Source: Google Anti Phishing Tool Blog

About the author

Mike Lewis

Born in Norfolk, Virginia. Grew up on the Rappahannock River in Warsaw, Virginia. I’ve also lived in Lynchburg, VA, Indianapolis, Chicago, LA, Dallas, and Orlando. Now living in Richmond, VA.

Avid geek and enthusiast, metalhead, writer.