Google Tries Anti-Scam Tactic with Web Addresses
Google is testing a new way of showing a web page address in the browser. It hopes that simply showing the domain name will make it easier for users to spot phishing scams - as already happens with some rival browsers.
At the moment most browsers will show the entire web page address (URL) in the address bar. That's the box near the top of the screen that has a dual purpose in most browsers: it shows the current page address but is also where users type in both addresses and search terms.
A study for Google looked at ways scammers can take advantage of the browser bar. One example was the website address "https://bank.com.acct.balanc.es". At a quick glance, users could easily assume the page belonged to the organization which controls "bank.com" when in fact it belongs to whoever controls "balanc.es".
In this hypothetical attack, the scammers would have registered the domain name "balanc" on a Spanish registry to create what might look like the word "balances" at the end of a page address. The reference to "bank.com.acct" is purely a directory within the "balanc.es" website and doesn't give any insight into the organization behind it.
Most Scam Sites Not Spotted
Google's study found that while people could correctly identify a site as being genuine from the website address 93 percent of the time, they were only able to spot a misleading site in 40 percent of cases. (Source: googleapis.com)
Now a random set of users of Google Chrome Canary (a version of Chrome used for testing features before they go into the main browser edition) will not see the full website address by default. Instead, they will just see the actual main domain name (without any page details) and in some cases the registrable domain will be highlighted. In our example, that could mean the user's attention is drawn directly to "balanc.es", with "bank.com" potentially hidden or downplayed.
New Policy Optional For Users
Users will still be able to see the full URL which includes directories within the domain, and the specific page details.
To do this they can either hover over the address bar to reveal it, or right click on the address bar to bring up a menu that includes an option to revert to showing the full URL by default. (Source: chromium.org)
One problem with the testing is that the type of people who use Chrome Canary may be more likely to pay close attention to website addresses and domain mismatches in the first place. It could also be difficult to prevent scams with visually similar domains such as rnicrosoft.com (with the 'RN' forming an 'M' at the beginning of the word) instead of 'microsoft.com'.
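The registrable-domain highlighting and the lookalike-domain gap described above, sketched as an added example (not Chrome's code and not from the article). It assumes a tiny constructed stand-in for the Public Suffix List (SUFFIXES), a hypothetical list of protected domains (PROTECTED), and a two-rule confusable table; a real checker would use the full list and a complete confusables mapping.

```javascript
// Constructed stand-in for the Public Suffix List (assumption, not the real list).
const SUFFIXES = new Set(["com", "es", "org", "co.uk"]);
// Hypothetical domains a mail filter or proxy wants to protect.
const PROTECTED = ["bank.com", "microsoft.com"];

// Registrable domain = longest matching public suffix plus one label to its left.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // suffix not in the constructed list
}

// Collapse letter pairs that render like one letter ("rn" reads as "m").
function skeleton(s) {
  return s.replace(/rn/g, "m").replace(/vv/g, "w");
}

function analyzeUrl(raw) {
  const host = new URL(raw).hostname.replace(/\.$/, "");
  const domain = registrableDomain(host);
  if (domain === null) {
    return { host, domain, prefix: "", findings: ["unknown-suffix"] };
  }
  // Everything left of the registrable domain: the part a browser would downplay.
  const prefix = host.slice(0, -domain.length).replace(/\.$/, "");
  const findings = [];
  for (const brand of PROTECTED) {
    if (domain === brand) continue; // genuinely the protected site
    // A protected name sits left of the real domain, as in the article's example.
    if (("." + prefix + ".").includes("." + brand + ".")) {
      findings.push(`embeds ${brand}`);
    }
    // Different domain that reads the same once confusable pairs collapse.
    if (skeleton(domain) === skeleton(brand)) {
      findings.push(`lookalike of ${brand}`);
    }
  }
  return { host, domain, prefix, findings };
}
```

The first check catches the article's "bank.com.acct.balanc.es" case, which domain-only display also exposes; the second catches "rnicrosoft.com", which domain-only display alone does not.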
What's Your Opinion?
Would you prefer to simply see the domain name rather than the full URL? Will highlighting the main part be helpful? Do you think you could reliably spot a fake webpage from its URL?
Comments
Highlighting would be helpful
This is basically the technique I use with email scams. I mouseover the sender-supplied name (like Infopackets Newsletter) and let the inbox show me the address. If it appears legit (like newsletter[ a t ]mailer.infopackets.com), I'll open the message. If it appears bogus or spoofed (like Andy.Whitfield.gp[ a t ]24-source-m-d.us), it gets deleted immediately.
But 1) I have to go looking for that, and 2) it could be easy to miss if the spoof is good or happens to be a close match. In an address field, highlighting the significant components would definitely be a reminder of how a URL is constructed.
So, would the spammers respond by lengthening their directory names so the real domains - highlighted or not - are hidden?
Address bar =/= Search bar
I would like to universally disable any and all searches from the address bar. If I type something into the address bar and it doesn't go to an actual site I do NOT want any sort of search performed for what the browser thinks I wanted. Yes, I'm 'old school', the more a 'feature' tries to be helpful the more I dislike it. If I want to search I'll use a search box. If I want to type an address I'll use the address bar. The two are NOT the same.
The most help I want is to have the browser resolve any 'tiny URL' type addresses and show me the actual destination and ask me if I really want to go to a site in Nigeria, India, or Afghanistan when I click a link supplied by my 'bank'.
URL display
I would favor highlighting and add a half-space between letters to avoid the "rn" = "m" problem.