Top Nav

How to Prevent Phishing Attacks with Google’s Alert Tool (Updated)

Google Chrome LogoGoogle has created a new security tool that’s aimed to thwart phishing attacks. The free Chrome extension keeps track of where you enter your Google account password, and will alert you when you’ve entered it somewhere other than accounts.google.com.

If you’re not familiar with phishing, its when a shady operation poses as a legitimate company like your bank, and sends you an email, that looks like the real deal, and it directs you to a site that looks equally legit. Then has you enter in sensitive personal information such as your account number, password, or social security number.

For instance, you could get an email from some third-party claiming to be Google, the email looks legit, with the company logo, and professional language, and it gives you a link where you need to change your password. When you click that link, instead of going to the real Google, it goes to a nefarious site that steals your information.

This tool will alert you when your Gmail or Google for Work password is entered anywhere other than account.google.com. It also tried to detect fake Google sign-in pages and alert you before you enter your password.

Google Alert Chrome Extension

Setting this up is a piece of cake, and does add an extra layer of security to your account data. Download the Password Alert extension from the Chrome Web Store.

Google Password Alert Extension

After it installs, you’ll be prompted to enter your Google account credentials. After that, it will start monitoring where you enter your Google account, and help prevent phishing attacks before it’s too late.

For more information, you can read the full FAQ page here.

Alert Page

Remember, this is an extra tool to help keep your Google account protected, but for the best protection of your account, make sure and enable Two-Factor Authentication (2FA).

For more on 2FA, read our guide: Google Two-Factor Authentication Roundup. It will explain what it is, why you want to enable it, and how to set it up.

Update May 1st, 2015: Well, that didn’t take long. According to Ars Technica, just 24 hours after this extension was rolled out, it has been exploited and the drop-dead simple exploit nukes this extension. Google released a fix, and that,too, was bypassed. The extension was blocked by a security researcher, and if he can do it, then criminal attackers can as well.

That doesn’t mean that if you did install it that you are being attacked or in immediate danger. It just means, the extension isn’t effective. We’ll continue to keep an eye on how this story develops.

For now, I would recommend not installing it until we know more and it has been secured.

More Reading:

,

No comments yet.

Leave a Reply