Google’s new URL typo detection feature could protect users from malicious websites

To guarantee that users always visit the right websites, Google Chrome can now spot typos in URLs and will show users a list of websites that are closely related to the correct one. Although the tech giant claims this feature will benefit dyslexic people, language learners, and anyone prone to make mistakes while typing a website address, it can also prevent users from visiting malware-laden websites because of misspelled URLs. 

Now available for use on desktops, Google says this feature will be released to Chrome for mobile in a few months. It’s common to misspell a website, say “Facenook.com” instead of “Facebook.com”, but while it seems harmless, clicking a misspelled URL could redirect the user to an illegitimate website disguised as the real deal. 

Cybercriminals typically buy the domain of websites with similar spellings to the real one and then rely on users to misspell a URL. When this happens, the internet user becomes vulnerable to phishing attacks, malware injection, and data (credit or debit card information) theft. 

Norton defines this practice as typosquatting, a situation “when someone — maybe a cybercriminal, hacker, or perhaps just someone hoping to advertise a product or service — registers a domain name that is an intentionally misspelled version of other popular websites.” 

Aside from jeopardizing a user’s personal information or network security, typosquatting can endanger the image of a business or corporation. When a threat actor registers a wrong website address that looks identical to the original one – “Zenithbank.org” instead of “Zenithbank.com”, replacing “org” with “com” will lead the unsuspecting user to a clone website where they’ll log into the portal. 

At this point, the cybercriminal can easily steal sensitive user information and use it for malicious purposes. Phishing is serious business with one attack believed to occur every 11 seconds.

Although cybercriminals impersonate verified websites by registering sites that share similar URLs, they also use other methods to launch phishing attacks. Email phishing involves sending emails to a potential victim claiming to be a senior work colleague or a bank account manager. They could even pretend to be a worker at Spotify, Netflix, or any subscription-based service, urging the user to click a particular link to get a reward. 

Read also: I/0 2023: introducing Google’s AI-powered ‘Help me Write’, the Pixel Fold smartphone and other updates

Other ways Google is securing users from phishing attacks 

Cybercriminals are highly persistent and keep developing new means to mislead internet users. The rapid development of technology hasn’t helped matters either. However, Google’s new feature joins the existing safety protocols designed to protect people when using Chrome. 

According to Google, Chrome comes with a phishing and malware detection tool that is activated by default. When the system detects that a website the user has typed could be dangerous, it’ll display any of the following warnings: 

• The site ahead contains malware 
• Deceptive site ahead 
• Suspicious site 
• The site ahead contains harmful programs 
• This page is trying to load scripts from unauthenticated sources 

Google also maintains a phishing report page where people who feel they may have encountered a deceptive website can paste the URL in question and then add extra details about the issue.  

Safety practices for phishing 

Successful phishing attacks can have monumental damage on the victim. For instance, internet pirates can use a user’s financial information to take loans, make expensive purchases in online stores, and so on. 

As such, securing oneself from deceptive sites can’t be over-emphasized. Some sensitive information that scammers can request using fake URLs includes usernames/passwords, bank verification number (BVN), mother’s maiden name, user’s birthday, personal identification number (PIN), and bank account number. Again, no legitimate websites will ask for personal information like the one above except during the registration process. 

Installing phishing-detecting software as browser extensions can go far in preventing attacks. Be wary of pop-up ads on Chrome which typically announce that you’ve won a competition you never entered for. Clicking such links is dangerous.