Security
Now Reading
Google releases a new Chrome extension “Password Alert” to protect users from Phishing Attacks
0

Google releases a new Chrome extension “Password Alert” to protect users from Phishing Attacks

by AshwinApril 30, 2015

Google wants to protect its not-so tech savvy users from phishing sites.

Google-Password-Alert
The Mountain View company has announced that it will be doing so from right within its home-cooked browser, Chrome.

Phishing or scamming has been an unsolvable pain for decades. In fact, scammers use modern techniques to trick people into believing they are dealing with a genuine website.

Example-of-a-Phishing-website

Google has released a new extension called Password Alert, for its browser, Google Chrome.

Password Alert works on its own, and will display a warning when you enter your Google password into a webpage that is not a Google sign-in page.  Besides protecting users from Phishing, it also recommends using unique passwords for every website.

The extension protects all Google accounts including Google Apps for Work, Google Apps, Drive.

How Password Alert works:

Once installed the extension remembers a “scrambled” version of your Google password.  Should you enter the same password on a non-Google page, it will warn you.

Password-Alert-Example

Keep in mind that it merely serves as a warning system, and that it will not stop a phising attack, you will have to manually update your password and protect your account.

Admins can install Password Alert for domains to protect all accounts, and receive alerts when an account attack is detected.

Installation:

Just visit the Extension’s page on the Chrome Web Store.

Google-Chrome-Password-Alert-Extension

Click on the Add to Chrome Button, it will give you the standard warning about the extension’s permissions. Click the Add button, and the extension will be installed.

Google-Chrome-Password-Alert-Extension-Popup

You should get a prompt asking you to sign in to Chrome (Google account). Do so From the Menu > Settings > Sign In to Chrome.

Google-Chrome-Password-Alert-Extension-Signin

Note: It doesn’t matter if you are already signed in to your Gmail account. Sign in to Chrome is a different option, and lets you sync your browser’s settings across devices and platforms.

Unsurprisingly the extension isn’t available for Mozilla Firefox or any other browser. The extension is exclusive to  Chrome, and could even help Google to attract users to its browser.

Such security measures are already in place for LastPass, as it will only offer to sign you in on the account’s original domains. It also warns the user about duplicate passwords.

How to stay safe from phishing  and other malicious websites:

  1. Phishing websites often have flashy and colourful websites, with awkward designs.
  2. Scam messages and phishing websites are poorly worded, and have incorrect grammar.
  3. Google when you have doubts. A quick search will reveal if a website is genuine or not.
  4. Do not log in to your accounts while using a public network or a public computer.
  5. Do not give out credit card or other financial information on unknown websites.
  6. Ensure that the websites that you make purchases on, uses a secure connection. (HTTPS). You can find the word https in the URL of your browsers address bar. You can also use an addon like HTTPS Everywhere to stay safe.
  7. Never give out your passwords to anyone.
  8. Always use a strong password with consists of alphabets, numbers and symbols. Never use pronouncable passwords (names, words,etc) or your birthday, anniversary, etc.
  9. Never use the same password on multiple websites. If you have difficulty remembering passwords, use a free and secure password manager like LastPass.
  10. Use a reputed antivirus software and a firewall. They may block bad websites by themselves. It is also advisable to update your Operating System to the latest versions as they may have critical security updates.
  11.  Never click or open emails from unknown senders. They could contain phishing links, or in the worst case scenarios, may even come with Malware. Setup filters in your Gmail account  (or any other email service) to detect malcicious keywords and automatically delete such messages.
  12. Use a modern browser (like Mozilla Firefox, Google Chrome, Microsoft Edge, etc). Clean your browsers cache and cookies regularly. You can do so from your browser’s settings.

Leave a Response