Google expands Chrome's Safe Browsing defenses to sniff out ad scams
Safe Browsing is the name of both the backend technology Google created and the API (application programming interface) that developers, including other browser makers like Mozilla, can call to intercede when a user steers toward a website that may contain malicious content.
"Today, we're expanding Safe Browsing protection to protect you from such deceptive embedded content, like social engineering ads," said Lucas Ballard, a senior staff engineer on the Safe Browsing team, in a post to a company blog.
Ads that Google considers "deceptive" will trigger a warning in Chrome -- a bright red screen with text that starts, "Deceptive site ahead" -- said Ballard.
Google's broad definition of "deceptive" includes any ad that "pretends to act or look and feel, like a trusted entity," or one that tries to "trick you into doing something you'd only do for a trusted entity."
Ballard cited several examples of such ads, including those that claim a third-party program is necessary to view content, but assert that the software is out of date.
Scammers and cyber criminals have long used that tactic to dupe users into downloading and installing malware on their devices. In the past, Adobe's Flash has often been the focus of such scams, which contend that Flash must be updated. In reality, that's simply a lie: Criminals expect a percentage of users who see such prompts to do as bidden, and self-infect their PCs.
Google's Safe Browsing, which initially only detected likely phishing attempts -- websites that mimicked legitimate sites and claimed that the user had to type in their password -- has expanded into other areas in the last three years, such as warnings of potentially-malicious downloads and devious software that tried to change browser settings.
In November, Google extended Safe Browsing's reach to include socially-engineered scams of several sorts, including those that pronounce the PC infected and direct consumers to fraudulent sites and call centers, which scare them into paying large sums for bogus technical support.
Although Google has almost always trumpeted the security angle when it restricts where users can go on the Web without seeing an alert, the moves have also been in the Mountain View, Calif. company's own business interest. Shifty content of any kind makes browsing riskier, and so has the potential to convince people that their online time should be curtailed or their navigation constrained. That, in turn, would affect Google's primary revenue stream, which is to serve huge numbers of ads within search results.