Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 8 MINUTES AGO.
You are here: Home / Data Security / Google's New Tool Fights Phishing
Google Combats Phishing with New Security Tool
Google Combats Phishing with New Security Tool
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
29
2015
Tech giant Google is going toe-to-toe with phishers with its new Chrome browser extension. With all the high-profile data breaches, this could add another layer of security for end-users who are falling for social engineering tactics.

Social engineering strategies trick users into clicking on links that contain malicious software downloads or otherwise send them to fake sites that entice them to enter personal information in exchange for some type of reward or access. Fake banking sites are prime examples.

Google’s new tool is called Password Alert. Here’s how it works: If you enter your Gmail or Google for Work password into anywhere other than accounts.google.com, you’ll receive an alert, so you can change your password if needed.

Google explains that Password Alert also tries to detect fake Google sign-in pages to alert you before you’ve typed in your password by checking the HTML of every page you visit to see if it’s impersonating a Google sign-in page.

The Phishing Realities

Google is on to something with its Password Alert. According to the McAfee Labs, phishing continues to be an effective tactic for infiltrating enterprise networks. A September 2014 study revealed 80 percent of participants failed to detect at least one of seven phishing e-mails.

“One of the great challenges we face today is upgrading the Internet’s core technologies to better suit the volume and sensitivity of traffic it now bears,” said Vincent Weafer, senior vice president for McAfee Labs. “Every aspect of the trust chain has been broken in the last few years -- from passwords to OpenSSL public key encryption and most recently USB security. The infrastructure that we so heavily rely on depends on technology that hasn’t kept pace with change and no longer meets today’s demands.”

Symantec’s 2015 Internet Security Threat Report pointed to an 8 percent increase in highly-targeted spearphishing attacks in 2014. What made last year particularly interesting was the precision of these attacks, which used 20 percent fewer e-mails to successfully reach their targets and incorporated more drive-by malware downloads and other Web-based exploits, Symantec noted.

“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” said Kevin Haley, director of Symantec Security Response. “We’re seeing attackers trick companies into infecting themselves by Trojanizing software updates to common programs and patiently waiting for their targets to download them -- giving attackers unfettered access to the corporate network.”

Not Enough

We asked Graham Cluley, an independent security analyst in the United Kingdom, for his thoughts on Google’s Password Alert. He told us the problem is that it only helps you with your Google password.

“People have many, many more passwords than just their Google one. My recommendation would be to use password management software,” Cluley said.

“If you use a password manager, then when you go to a bogus Web site it won't prompt you to enter your password -- because it doesn't recognize it -- and that can be your warning that something is phishy. And, of course, that works with any password -- not just your Google one.”

Image credit: iStock.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.