Google has taken another step towards protecting Chrome users online by alerting them to malicious embedded content.
The web is awash with embedded content such as download and install buttons or images claiming software is out-of-date and needs to be replaced immediately, according to Google software engineer Lucas Ballard.
However, while this content deliberately mimics its host site’s look and feel to appear legitimate, it often leads to malware or attempts to trick the user into divulging personal information.
This tactic, known as social engineering, is hugely popular among cyber-criminals and is getting harder to spot.
“Consistent with the social engineering policy we announced in November, embedded content (like ads) on a web page will be considered social engineering when they either:
Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself. [Or] Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.”
That social engineering policy announced back in November was developed to expand Safe Browsing protection beyond traditional phishing to related types of deceptive web content.
Ballard also had a word for webmasters, pointing them in the direction of a support page they can visit if their site is flagged for social engineering content by Chrome.
The new capabilities come about a year after Google introduced protection against unwanted software that affects the online experience or makes “undesirable changes” to users’ PCs.
As part of that move, it built capabilities into Search to identify and reduce the chances of users visiting deceptive sites, and began disabling Google ads leading to sites with unwanted software.
Most good anti-malware companies include web scanning features in their products to protect users from the most harmful online content, but it never hurts to have a second line of defense in case anything slips through.