Google announced today that its Safe Browsing service in Chrome now flags websites that use social engineering content like fake download buttons, fraudulent updates, and ads designed to mimic the branding on a page in an effort to spread malware.
These types of social engineering ads can be common on certain websites and attempt to trick a user into, for example, installing a new update to Flash. Instead, the download is actually malicious software that can hide nefarious things like ransomware on the user’s computer.
This change is a part of the company’s new social engineering policy, which was introduced in November. If Google identifies forms of social engineering on a website, such as a fake log-in screen designed to mimic your bank or a false update site, users are redirected to the Chrome warning page (or, as I like to call it, the red screen of death). From there, it’s up to the user to take the risk.
It’s yet another step forward to help people on the Web avoid potentially harmful attacks from criminals online, and one that shows just how sophisticated browsers have become in identifying features on any given webpage.
For those who feel unfairly targeted by Google’s new changes, the company has offered a help page to fix the issue.
No More Deceptive Download Buttons [Google Online Security Blog]