Google has created a new security tool that’s aimed to thwart phishing attacks. The free Chrome extension keeps track of where you enter your Google account password, and will alert you when you’ve entered it somewhere other than accounts.google.com.
If you’re not familiar with phishing, its when a shady operation poses as a legitimate company like your bank, and sends you an email, that looks like the real deal, and it directs you to a site that looks equally legit. Then has you enter in sensitive personal information such as your account number, password, or social security number.
For instance, you could get an email from some third-party claiming to be Google, the email looks legit, with the company logo, and professional language, and it gives you a link where you need to change your password. When you click that link, instead of going to the real Google, it goes to a nefarious site that steals your information.
This tool will alert you when your Gmail or Google for Work password is entered anywhere other than account.google.com. It also tried to detect fake Google sign-in pages and alert you before you enter your password.
Google Alert Chrome Extension
Setting this up is a piece of cake, and does add an extra layer of security to your account data. Download the Password Alert extension from the Chrome Web Store.
After it installs, you’ll be prompted to enter your Google account credentials. After that, it will start monitoring where you enter your Google account, and help prevent phishing attacks before it’s too late.
For more information, you can read the full FAQ page here.
Remember, this is an extra tool to help keep your Google account protected, but for the best protection of your account, make sure and enable Two-Factor Authentication (2FA).
For more on 2FA, read our guide: Google Two-Factor Authentication Roundup. It will explain what it is, why you want to enable it, and how to set it up.
That doesn’t mean that if you did install it that you are being attacked or in immediate danger. It just means, the extension isn’t effective. We’ll continue to keep an eye on how this story develops.
For now, I would recommend not installing it until we know more and it has been secured.