Google has recently announced its plans to start cracking down on websites that display deceptive ads. The company will begin warning users if they ever enter such places on the web with a message stating "deceptive site ahead", once they click on an ad it suspects contains "social engineered" content.
The company aims to lessen this significantly through its updated social engineering policy. It lists possible deceptive social engineered ads, some of which:
- Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself.
- Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.
These ads, like the images on the right, may come in a form of an alleged "download button," usually stating that a plugin needs to be installed in order for content on the website to be utilized. Another type of deceitful ad is one that states that a user's system is outdated, and that they should click on the illusory message box in order to keep their computer updated. And lastly, one of the most common tricks is an ad disguising as a download/play button for a streaming website.
Once a user clicks on these misleading ads, they could be tricked into downloading some sort of program that could possibly inject viruses and malware onto the victim's PC, which in turn could steal personal data. Another possible scenario is that users could be asked to finish a survey, which will supposedly unlock the download. Little do innocent people know, that the survey is the perpetrators' way of stealing information.
The initiative is part of Google's 'Safe Browsing' program, which can be found in Google Chrome, and aims to fight unwanted software and social engineering. The company aims to improve it over time, to be able to protect more users from online deception.
Back in November, Google also took security measures when it comes to email. It started warning users if ever a message from an unencrypted connection arrives, which tampers with requests to initiate SSL connections.