Google takes social engineering to task, says no more deceptive download buttons

In life there are only a few certainties – death, taxes and online deception.

Fortunately, Google has decided to take one of those to task. It may not be the most scary of the above – after all, not even Google can avoid paying its dues – but it is an important move nonetheless.

Yesterday, the search giant announced that it was going to crack down on what it calls “social engineering ads.”

What does it mean by that?

Well, we’ve all seen plenty of examples – buttons on websites that say “Download,” “Play,” “Update,” “Install,” etc.

pasted image 0

But instead of being genuinely useful links to more content hosted by the site owner, they are actually adverts that, if you are lucky, lead to sellers of related products looking to entice you to buy from them.

Lucas Ballard, a software engineer with the company’s Safe Browsing Team explained that the new policy was an extension to its social engineering policy revealed in November which aims to protect people from tactics that attempt to trick them into giving up passwords and other sensitive information.

Ballard said embedded web content would also now be classified as social engineering should it:

  • Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself, or

  • Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support

Should you attempt to visit such a site in the near future you will be presented with an unmissable warning that the site in question is deceptive in nature:

Google isn’t stopping there though – the tech giant says it plans to keep on making further improvements to its Safe Browsing – which already warns people if they are about to surf onto a site infected with malware – in order to improve web safety.

While the above is undoubtedly a great initiative which will help keep people away from sites that obviously don’t have their best interests in mind, I can only hope that all these additional web warnings will not instil a false sense of security into the average web surfer.

Google warnings do a great job of directing people away from websites that are bad for their computer’s health but I personally know some people who see them as something of a crutch – they think no Google warning is a sign that a site must be legit, and you can imagine the potential problems with that.

So, to wrap up, nice move Google, but please don’t forget that browser warnings are not an excuse for abdicating responsibility on the web – keep your eyes open and your wits about you. Don’t open unfamiliar sites, don’t click strange links found in emails and never give your personal information away to any site you don’t trust implicitly.

Leave a Reply