As of this week, Google is taking aim at websites that host fake download buttons or pop-ups warning of nonexistent malware on your computer. In a blog post on Wednesday, the company said this was another expansion of its Safe Browsing feature, which in November started shielding users against social engineering attacks.
Social engineering is insidious in that it tricks people into giving up secure information by masquerading as a secure service—say, a bank. From Google's blog post:
Consistent with the social engineering policy we announced in November, embedded content (like ads) on a web page will be considered social engineering when they either:
- Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself.
- Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.
Google offered up a few examples of the content that it will now identify as social engineering attacks:
Safe browsing is nothing new; the service has been around for more than eight years, but until recently had mostly protected users from malware or sites that Google labeled as unsafe. Now that Google is also blocking embedded ads, it's possible that some sites could be blocked due to social engineering ads that creep onto their pages.
[via Ars Technica]