Google's Password Alert Chrome extension foils phishing attempts

Phishing schemes are one of the more popular ways hackers and other nefarious sorts gain access to accounts that are not their own, and despite attempts to educate users on what to look for, these kind of attacks are still largely successful. Google, however, is working to further quash them with the introduction of a new Chrome extension called Password Alert, which points out to users when they attempt to log into their Google account on a website that is not Google's own.

Many phishing attempts work because they lead the victim to a Web page that is designed to look identical to — or nearly identical to – whatever website it was the person was intending to visit. A quick look at the URL will reveal that it isn't the right Web page, but many don't bother to double-check that URL.

In the case of Web pages that are designed to emulate Google's own, such as the one shown in the first image above, Password Alert will block access to it (hopefully) before you enter your log-in credentials, doing so with the page shown in the screenshot directly above.

Of course, the extension is only available to those using Google's Chrome browser, and it is available on the Chrome Web store for free. The extension works with Gmail and Google for Work, and is said to check "the HTML of each page you visit to see if it's impersonating a Google sign-in page." Javascript must be enabled.

SOURCE: Google Official Blog