The most vulnerable element of every security man. Method of information targeted attack on him is called social engineering. And Google now expanded the capabilities of its technology Safe Browsing by identifying and blocking attacks conducted by way of social engineering. What does that mean in practice?
Technology Safe Browsing (in English called Safer web) “identifies unsafe websites and warns them users and webmasters so you can avoid them.” It is implemented in browsers Google Chrome , Mozilla Firefox , Safari and every day prevents hundreds of attacks on users of these browsers. One of the types of attacks are attacks from malware target sites for a second type of phishing (as planted fake sites attempting to steal sensitive personal information). Safe Browsing is now expanding the breadth of protection against phishing as well as protection against social engineering.
Social engineering is in the context of computer security seen as an attempt to fool and manipulate elicit sensitive information from a targeted victim with the help of hiding and often multiple fake identities to simulate the communication partner. Google developers of social engineering on the one hand, placed in the category of phishing, on the other hand, understand it as “a much broader category than traditional phishing, which involves multiple modes of deception by using Web content.” Content sites attacking social engineering:
- “He pretends to be – it looks – or gives the impression of a trusted authority – the type of bank or government agency, or
- trying to get users to act as they would act only in a relationship with a trusted entity – eg. shared passwords or to communicate with technical support. “
Attackers can pretend, for example, alert to the outdated version of browser you use, and calls for the installation of the new version. Although it was eventually computer is infected with malware, the technique itself (= forcing people to work), social engineering attacks.They try to deceive users by using logos and way of communicating trusted entities.
Another method of attack may be unexpected warning about the crisis of the user’s system and prompts you to call technical support. It may either itself elicit more sensitive information directly from users, or prosaic work on expensive toll telephone line.
And some are directly challenging the accounts of Google services for the purpose of further abuse. In the illustrative picture, note the URL address. First, an unsecured HTTP connection (Googley services use HTTPS), as well leetspeak replacement OO-zero-zero.
Therefore, whenever Chrome , Firefox and Safari in the future on these misleading attempts to hit, immediately alerts the user to a fraudulent website abusive social engineering.
Sources: Google Chrome Blog , Google Transparency Report