Google Combats Domain Jacking In Latest Chrome Feature

Google is to the rescue again. Not only did the company implement anti-phishing and mobile subscription scams protection into its Chrome browser, but now it’s taking another step to help protect users. In the version 72 of Chrome there is new feature that checks for spelling before sending you to a misspelled version of some popular websites. Yes, those of us with “fat fingers” or are just terrible typists are now getting a little bit of help so that we don’t get caught out by typo-squatters.

The feature is called “Navigation suggestions for Lookalike URLS.” When it’s active, it will check the spelling for sites where the user was really likely intending to go to another one, such as PayPal or other financial related ones. This is important because criminals will set up websites that look similar to the real sites but might have one character different. Often that character is substituting the lowercase letter “L” for example with the number 1. It’s difficult to see the difference sometimes, if you are not looking closely. This criminal strategy is called typo-squatting or domain jacking.

But that isn’t the only way you can get tricked by false websites. There is another method where criminals will take advantage of homographs. These are essentially using a different code to register to sites that when they get translated for us “westerners” look similar to a legitimate site. It translates many non-Latin alphabet letters, so they look like our characters, but really are not.

Chrome will now alert users if it thinks they really meant to go elsewhere to help protect against these types of attacks.

As of this writing, the way to activate this is to type “chrome://flags/#enable-lookalike-url-navigation-suggestions” into the Chrome browser. Just make sure you have version 72 or above installed. You can check by going to “Chrome > About Google Chrome” in the menu bar.

In addition to this, another feature has been released for Chrome to help you with passwords. A new plugin will check a website in which you enter login credentials and alert you if the site has been breached. If it finds that it has, it will recommend you change your password. It’s called “Password Checkup” and can be added as an extension to your browser from the Google Chrome web store.

Just use caution when adding any extension to your browsers. They too can harbor malicious code and cause you a world of grief. So, be sure to research those thoroughly before putting your devices at risk.

Stickley on Security
Published August 24, 2019