Google has announced they are extending their social engineering warnings to include deceptive advertising. Back in November, Google updated its Safe Browsing service to include warnings against social engineering sites, a broad category of deceptive online content which mostly consisted of phishing attempts. This includes websites which disguise themselves as a trusted entity such as a bank, government office or trusted brand, to coerce users into downloading malware or providing login credentials. Now these warnings will extend to deceptive advertising content such as banner ads which claim that your software is out-of-date, those mimicking legitimate software developers, and “Download” and “Play” buttons which appear to be part of a website but re-direct users to unwanted pages or downloads.
Most people’s familiarity with the Safe Browsing service comes through the red warning pages that warn Google Chrome users when they attempt to visit a potentially malicious website. The Safe Browsing Service is actually a database of URLs that are known to contain malware, phishing, and now social engineering content. The list of malicious websites is frequently updated and utilized by the Google Chrome, Apple Safari, and Mozilla Firefox browsers to warn users attempting to visit these sites. The company also provides this information to internet service providers to assist them in protecting their customers. Approximately one billion people benefit from the Google Safe Browsing service.
According to Lucas Ballard from Google’s Safe Browsing Team, “You may have encountered social engineering in a deceptive download button, or an image ad that falsely claims your system is out of date. Today, we’re expanding Safe Browsing protection to protect you from such deceptive embedded content, like social engineering ads.” While the news is inherently positive for users, website owners and publishers will have to become more rigorous with regards to the due diligence performed on potential advertising partners. Advertising networks are becoming an increasingly common form of malware attacks. Perhaps punishing advertisers for promoting dubious content will force greater oversight in the long run.
Powered by WPeMatico