Google’s answer to phishing attacks: Shorter website URLs

Google is reportedly planning to introduce a feature in Chrome 85 that will shorten website URLs in a move to enable users to easily identify genuine sites and protect them from phishing attacks.

According to Android Police, Google Chrome's Dev and Canary channels (V85) now sports a new feature that has been designed to restrict website URLs to keep only the domain name visible to Internet users.

A report from the website claims that Internet users can still view full website URLs by hovering their mouse over the address bar if a proposed feature to modify the above rule gets the nod. At the same time, Google is also working on a feature to hide a website's address bar once a user interacts with a web page.

Based on Google's previous attempts at shortening website URLs, Android Police states that Google is doing so to enable users to easily identify genuine websites from fake ones, thereby making phishing attacks less effective.

Commenting on the fresh move by Google, Orly Bar Lev, cyber security expert at Mimecast, said that it is great to see Google doing more to prevent consumers from falling for fake domains, as they can be very dangerous. There are no rules preventing anyone from registering an online domain that looks just like a legitimate brand’s domain name and creating a lookalike that resembles the original.

"Subtle differences can easily go unnoticed, fooling unsuspecting customers who will simply enter their credentials as usual. This is definitely a problem for UK businesses and recent Mimecast research found that have identified or been made aware of up to 10 web (or email) spoofing attack using their organisation's domains or lookalike domains in the last year, with 54% expecting this to increase in the next 12 months.

"Despite this, only 33% of UK respondents say brand exploitation protection (from domain spoofing) is included in their organisation's cyber resilience strategy. This needs to change quickly if UK businesses are to remain safe from website spoofing, as we cannot just rely on consumers to carry the responsibility alone," he added.

The phenomenon of hackers using lookalike domain names to defraud Internet users to share their personal information or payment card details has been thriving over the past decade. A few years ago, security firm Farsight Security revealed that as many as 27 percent of 100 million domain names, that featured non-English character sets to make browsing easier for non-English speaking users, were created by fraudsters with an intention to deceive users and to generate clicks fraudulently.

"Any lower case letter can be represented by as many as 40 different variations," said Paul Vixie, the founder of Farsight Security to BBC. During its research, Farsight Security came across more than 8,000 non-English characters that were being used by scammers to defraud Internet users either to generate clicks or to target them with malware.

MORE ABOUT: