Five years ago Google launched the Safe Web Browsing initiative designed to help protect users from malicious content unintentionally returned in Google Search Results. The Google Safe Web Browsing infrastructure specifically detects and protects users from malware, (Software that is intended to damage or disable computers and computer systems), and phishing web sites, (the activity of defrauding an online account holder of financial or personal information by creating a replica of and posing as a legitimate commercial website.)
For the past five years, everyday, Google Safe Web Browsing:
- Through built-in protection in Chrome, Firefox and Safari issues several million security warning alerts to over 600 million users.
- Finds about 9,500 new malicious web sites, and alerts users with a visible warning.
- For approximately 12-14 million Google Search queries and around 300,000 downloads warns users of current malware threats.
- Sends Webmasters thousands of notification warnings of potential malicious issues with their websites. (Sign up with Google Webmaster Tools here to receive these notifications.)
- Sends Internet Service Providers (ISP’s) similar notifications of potential malicious activity on their networks. (Sign up for Safe Browsing Alerts for Network Administrators here to receive these notifications.)
Phishing attacks are becoming more clever and complex. Google Safe Web Browsing has continued to evolve over time to respond to the challenges of today’s phishing techniques, which include:
- Shorter attacks with webpages (URLs) remaining active for less than an hour to evade discovery.
- “Spear phishing” attacks, whereby the spoofed email message appears to come from the targeted company and from someone of authority that might reasonably request the confidential information from the recipient. (These include nearly perfect replicas of legitimate commonly emails sent from Banks and Financial Institutions as well as eBay and PayPal which use the correct logo, formatting, color scheme and disclaimers – except for the one link to the phishing site and the improper request to divulge sensitive, personal information and/or passwords.)
- Phishing sites that, just like the luring fake email, exactly replicate a legitimate site but will prompt the visitor to download a Web Browser Extension or some other executable program to enable fake content or re-direct the user to a malicious site.
Google Safe Browsing specifically identifies two main categories of Malware websites:
- Legitimate websites that have had their content altered to redirect legitimate users to fake sites, provide fake content, or provide a “Drive-by-download” whereby the visitor receives a malicious program without their knowledge usually due to an exploit in the Web Browser.
- Websites that are purpose built to deliver malware.
Google has some important safety tips to make sure you don’t become a victim:
- Don’t ignore Google Safe Browsing Warnings! Do not visit an infected site until the site has been cleaned up. Many legitimate sites get “hacked” everyday with malicious content. Would you purposely ignore a sign that said, “Danger – Bridge Out?”
- Help Google find Bad Websites. Users of the Google Chrome web browser can select a check box on the red warning page to alert Google and help protect other users. (Get Google Chrome here.)
- Register your website with Google Webmaster Tools. This will allow Google to alert you of suspicious activity or code on your site.
Useful Links:
Google Webmaster Tools
– http://www.google.com/webmasters
Safe Browsing Alerts for Network Administrators
– http://www.google.com/safebrowsing/alerts
All about Google Safe Web Browsing in Google Chrome
– http://blog.chromium.org/2012/01/all-about-safe-browsing.html
StopBadware – Ads Integrity Alliance
– http://stopbadware.org
Get Google Chrome Web Browser
– http://www.google.com/chrome
Get Mozilla Firefox Web Browser
– http://www.mozilla.org/firefox
Get Apple Safari Web Browser
– http://www.apple.com/safari