Google Works On Spotting Dodgy 'evil Domains'

[Image: Tailfins on BA planes. Image copyright Reuters. Caption: British Airways was being targeted by scammers who set up domains mimicking its real site.]

Google is working on a way for Chrome to do a better job of spotting fake websites that seek to trick people into handing over personal information.

It is concentrating on websites that use letters and numbers to approximate a recognised brand.

The work will mean Chrome will warn people they are about to visit sites it believes are fake.

Security firm Wandera said it had seen a "constant rise" in attacks using non-standard characters.

The criminal gangs were exploiting a technology known as punycode, which converts non-English character codes into more familiar formats.

British Airways was a popular target for gangs using these attacks, said the security firm.

Google engineer Emily Stark talked about the search giant's development of the "evil domain" spotter at the Usenix Enigma security conference this week. Google has also shared early versions of the tool to help web developers test and refine it.

While Chrome already includes features that aim to spot known unsafe sites, the new tool would go much further.

Ms Stark said more needed to be done, because currently staying secure often relied on users noticing when domains were dodgy - even when experts would struggle to distinguish legitimate ones from those crafted by cyber-criminals.

[Image copyright Wandera. Caption: Once transformed, many domain names are very similar to the legitimate ones they mimic.]

In particular, the tool will seek to tackle the growth of so-called homograph attacks that exploit modern browsers' ability to handle non-English characters.

However, this transformation can hide the fact that such domains were not created by the organisation they seem to represent.

Haris Kampouris, head of threat research at Wandera, said more and more cyber-crime gangs had turned to homograph attacks that abuse the punycode technology.

"We are still seeing a constant rise on this type of scam or phishing domain," he told the BBC. "That's likely to be due to the plentiful combinations that can be used."

Wandera had recently seen punycode domains for Google, BA, Adidas, Tesco, Asda and Ryanair that typically included one character that differed only slightly from its English equivalent, he said.
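The kind of check described above, as an added example that is not part of the original article and is not Google's tool: it decodes punycode labels, maps look-alike characters and digits to plain letters, and compares the result against a list of protected domains. The look-alike table, the function names and the `example.com` brand list are assumptions made for illustration.

```python
import unicodedata

# Assumption: a small hand-picked look-alike table for illustration only.
# A production checker would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",  # Cyrillic er, es, i
    "\u0131": "i",                                 # Latin dotless i
    "0": "o", "1": "l",                            # digits standing in for letters
}
# Assumption: placeholder brand list; replace with the domains you protect.
PROTECTED = {"example.com", "example.org"}

def to_unicode(domain):
    """Decode each xn-- (punycode) label to the Unicode text a browser shows."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw form
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Reduce a domain to an ASCII look-alike form for comparison."""
    text = unicodedata.normalize("NFKD", to_unicode(domain))
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

# Skeleton of each protected domain, mapped back to the real name.
SKELETONS = {skeleton(d): d for d in PROTECTED}

def imitated_brand(domain):
    """Return the protected domain this one imitates, or None."""
    if to_unicode(domain) in PROTECTED:
        return None  # the genuine domain itself
    return SKELETONS.get(skeleton(domain))

if __name__ == "__main__":
    # Constructed sample: "example" with a Cyrillic "a", in punycode form.
    spoof = "xn--" + "ex\u0430mple".encode("punycode").decode("ascii") + ".com"
    for name in (spoof, "examp1e.com", "example.com", "unrelated.net"):
        print(name, "->", ascii(to_unicode(name)), "->", imitated_brand(name))
```
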

BA was currently the most-targeted UK brand in terms of punycode domains, said Mr Kampouris.

Many security firms and independent researchers have made add-ons for browsers or programs that spot phishing domains and try to warn people about these criminal domains.

Mr Kampouris said Google's move was a "step in the right direction" in tackling homograph-based attacks but hoped that the feature would make it to browsers on mobile devices, which often did not receive protections seen on desktop and laptop versions.

Google has not given a date for when the domain-checking system will be added to Chrome.
