Google is making good on its promise to protect users from social engineering attempts. The company is now putting the kibosh on fake download buttons, malware masquerading as system updates, and other similar types of attacks.
Browsers using Google's Safe Browsing API (Chrome, Firefox, and Safari, among others) will show users a big red warning when they visit a site that's been flagged as containing fake download prompts or trying to trick users into installing something. In Google's own words, sites will "qualify" when they:
- Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself.
- Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.
Google goes on to show a couple examples of this type of attack, although most gerbils should be fairly familiar with them. Even some legitimate download websites occasionally resort to using this tactic, likely to get a bigger payout from shady ad networks.
It's safe to say that these "ads" will not be missed by anyone other than the people profiting from them. This won't be the last measure to be put into place in the fight against malware on the web, too—Google says that "the fight against unwanted software is still just beginning."