For the past year or so, Google has been ramping up its efforts to protect users against malicious Internet activity, from enforcing the use of HTTPS to kicking about misbehaving ads. Sometimes, however, the most effective attacks are the simplest ones. Like waiting for some user to accidentally type the wrong link in the address bar, taking them from Google to some data sucking site. Soon, however, that may be a thing of the past, at least if users heed future warnings from Chrome about URLs that look alike but are not.
The oldest phishing trick in the book, as they say, is to get users to unknowingly go to a site cunningly crafted to look like the real thing. Be it through a typo or by clicking a link, some nefarious site hides behind almost every lookalike URL. In a future version of Chrome, the browser might ask if you intended to go somewhere else. Just in case you weren’t aware that “goo0gle” isn’t “google”.
gHacks reported the upcoming feature that currently hides behind a settings flag. Unlike Chrome’s already existing anti-phishing feature, the lookalike URL warning doesn’t compare the address to a list of known phishing sites. Instead, it works the other way around and tries to compare the URL with known good sites and asks if you might have made an error.
As mentioned, it’s still an experimental feature and while the setting may be present on the latest Chrome versions, it seems to work only for Canary and Dev builds. Don’t get too attached though, because it could also mean it won’t even make it to stable.
While every little bit of help counts, the warning for lookalike URLs might be too easy to miss. Or, worse, too easy to dismiss. Google should probably use a bit more color to call attention to the potentially harmful URL and enable it by default. Presuming it actually becomes a final feature, that is.