One of the most common and dangerous traps on the Internet today are called phishing sites. Phishing is an illegal attempt to steal sensitive information such as usernames, passwords, pin numbers, credit card details, etc. Malicious users and hackers, put up fake websites that mimic real ones in the hopes of fooling users into providing this sensitive information. According to statistics gathered by Google, 2% of all messages sent to Gmail are phishing attacks that have a success rate of 45%. Below is a sample of a phishing page mimicking Google.
Google has come up with different ways in the past to help users in protecting their accounts and passwords. They’ve provided tools like 2-step Verification, Security Key, the Google Authenticator app and Google Safe Center just to name a few and are constantly improving their Safe Browsing technology. Yesterday, Google announced and launched a new Chrome extension called Password Alert that will help users keep their Google account & passwords safe. This extension protects regular Google Accounts as well as Google Apps for Work Accounts.
Password Alert helps protect against phishing attacks. If you enter your Gmail or Google for Work password into anywhere other than accounts.google.com, you’ll receive an alert, so you can change your password if needed.
Password Alert also tries to detect fake Google sign-in pages to alert you before you’ve typed in your password. To do so, Password Alert checks the HTML of each page you visit to see if it’s impersonating a Google sign-in page.
GOOGLE ACCOUNTS
For regular Google Accounts, here’s how Password Alert works. When the extension is already installed and initialized, Chrome will take note of the user password and store it in a “scrambled” version. This information is only kept for security purposes and will not be shared to anyone. When the user types in their password into a fake Google sign-in page, Password Alert will display a warning like the one below, alerting the user that the password has been compromised and is at risk of being phished. The user is also advised to update and change their password.
GOOGLE FOR WORK
For Google at Work Accounts, including Google Apps and Drive for Work, the Password Alert extension could be installed by the administrator so that all users on that domain will be protected and receive alerts whenever there’s a problem. This is a very useful tool for companies and businesses who use Google at Work Accounts because it can spot malicious attacks and prevent employees from accidentally giving away sensitive information.
ADDITIONAL NOTES
- Password Alert doesn’t store passwords or keystrokes. It stores a secure thumbnail of the password and compares it against most recent keystrokes in Chrome.
- Password Alert only works when Javascript is enabled in the Chrome web browser.
- Password Alert doesn’t protect Chrome Apps, Chrome Extensions or non-Google products/services accounts & passwords.
- For Google Accounts, no data is sent from the local computer. While Google for Work Accounts, the administrator can choose to receive alerts.
If you have a Google account, meaning you use one or several of these products/services – Gmail, Google+, Android, YouTube, Drive, Blogger, Picasa, Google Wallet, Google Keep, etc. then you are strongly advised to install and use the Password Alert extension on the Chrome web browser.
Download the Password Alert from the Official Chrome Web Store.