Crooks often use typo-squatted domains and homograph attacks to facilitate credential theft from unsuspecting individuals. It’s a practice that Google is actively working to curb through its Chrome web browser.
Even the most experienced Internet user can end up on a phishing website without realizing it. All it takes is one accidental keystroke: adding an extra letter or leaving one out.
Google’s engineers have been exploring ways to help users better identify potentially nefarious URLs. Google Chrome is currently testing a new warning to flag these types of domains. Since the release of Chrome Canary 70, engineers have been testing a feature designed to detect lookalike URLs. It’s accessible by entering the following into the URL bar:
The feature was highlighted this week by Emily Stark, an engineer on Google Chrome’s security team, who spoke Tuesday at the Enigma Conference in Burlingame, California. According to CNET, the tool would essentially flag mistyped URLs or shady domains looking to deceive web users by closely mimicking the addresses of other websites—a tactic used to manipulate users into sharing payment or other personal information. When this happens, the tool will prompt users headed to a bunk or sketchy URL to instead reroute to a legit one.
When a suspicious URL is entered with the feature enabled, Google Chrome will present a dropdown asking if you really meant to access the URL in question.
“We designed this warning to be informational rather than scary,” said Google Chrome engineer Emily Stark during a talk at the Enigma Conference on Tuesday.
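The kind of check described above can be sketched as follows. This is an added example, not Chrome's implementation: it flags a hostname that is one keystroke away from a known domain or that matches one after lookalike characters are folded to Latin. The domain list, the confusable map and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed sample list; a real deployment would use sites its users visit.
KNOWN_DOMAINS = ["google.com", "paypal.com", "example.com"]

# Hand-picked confusables (assumption: a tiny subset, not the Unicode table).
# Cyrillic a, e, o, p, c, i; Greek omicron; digits 0 and 1.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "\u03bf": "o", "0": "o", "1": "l"}

def skeleton(domain):
    """Lowercase, decode punycode labels, fold lookalike characters to Latin."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: compare the label as typed
        labels.append(label)
    text = unicodedata.normalize("NFKC", ".".join(labels))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suggest(domain, known=KNOWN_DOMAINS):
    """Return (known_domain, reason) for a lookalike, or None if nothing matches."""
    skel = skeleton(domain)
    if domain.lower().rstrip(".") in known:
        return None  # exact match: the real site, nothing to suggest
    for k in known:
        if skel == skeleton(k):
            return (k, "homograph")
    for k in known:
        if edit_distance(skel, skeleton(k)) == 1:
            return (k, "typo")
    return None

if __name__ == "__main__":
    for d in ["google.com", "gooogle.com", "gogle.com", "p\u0430ypal.com"]:
        print(d, "->", suggest(d))
```

A distance threshold of 1 produces false positives on very short hostnames, so a production check would normally also require a minimum length or restrict the comparison to sites the user has actually visited.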