Google to deep six dodgy download buttons

Google announced today that its Safe Browsing service in Chrome now flags websites that use social engineering content like fake download buttons, fraudulent updates, and ads created to mimic the branding on a page in an effort to spread malware. It is very tough for users to distinguish these deceptive buttons from actual buttons. Whenever you run into these ads or deceptive download buttons, Google will give you a “Deceptive site ahead” warning. Google will warn users about websites that come with deceptive download button, or an image ad that claims your system is out of date.

Those receiving protection from Google and its Chrome browser will be presented with a message similar to the one below.

Ushering in the update, Lucas Ballard of the Safe Browsing Team posted on Google’s online security blog post, “Our fight against unwanted software and social engineering is still just beginning”. “Attackers on (the site) may trick you into doing something unsafe like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards)”.

In our recent article detailing sites that employ some of these practices, we highlighted those that mislead the user into thinking they need to update software (such as Flash or a media player) to play a video.

Last November, Google got more aggressive against social engineering attacks that are more varied and numerous in comparison to traditional phishing schemes.

Pretend to act, or look and feel, like a trusted entity – like your own device or browser, or the website itself.