Chrome browser will soon start flagging domain-spoofing URLs
31 January 2019
Google is testing a new feature in Chrome browser that will flag malicious URLs that are being used by cyber criminals to carry out domain-spoofing of URLs of websites owned by well-known brands, universities, organisations, and personalities.
Domain-spoofing is among the most severe cyber threats of our time that affects organisations, governments, and individuals alike. The use of malicious URLs that mimic genuine ones not only helps criminals to obtain login details, personal and financial information of millions of people but also helps them in spreading fake news and disinformation to create panic and alarm.
In the UK, hackers have used domain-spoofing tactics to defraud hundreds of university students and those donating to the UK’s top charities of vast sums of money. At the same time, they have spoofed domains of leading media organisations in the UK such as BBC News, The Guardian, Sky News, ITV News, and the Daily Mail to spread disinformation and fake news to the public.
Thanks to a new feature that Google may introduce in Chrome browser, millions of Chrome users could be saved from being defrauded by malicious domain-spoofing URLs in the near future. According to several reports, Google is now testing a feature that filters out such URLs and alerts users that such URLs may not be the ones they’re trying to visit.
According to ZDNet, the new feature is called “Navigation suggestions for lookalike URLs”
and can be accessed by users of Chrome Canary 70 by visiting the URL chrome://flags/#enable-lookalike-url-navigation-suggestions. Once activated, the feature will show a drop-down bar under the address field and this bar will suggest the matching legitimate URL to the user.
Google may launch the feature in the stable version of Chrome shortly but the company is yet to announce an exact date.
Last year, we learned that WhatsApp was also planning to launch a new feature named ‘Suspicious Link Detection’ to detect fraudulent links or domain-spoofing links and alert users about them.
According to WABetainfo, a news website dedicated to updates rolled out by WhatsApp, the new feature ensures that everytime a user receives a suspicious link on the platform, the user will also see a red-coloured alert from WhatsApp stating that the link is suspicious.
The feature will also apply to domain-spoofing websites, that are basically fake websites that mimic popular domains trusted by the public. If a user clicks a domain-spoofing link, the user will then see a pop-up stating “This link contains unusual characters. It may be trying to appear as another site.” The pop-up will also ask the user to either open the link or to go back.