Google has released a new Chrome extension that warns users when they type their Google password into a site that isn’t a Google sign-in page. The free security extension is called, ‘Password Alert.’
Phishing – Any illegal attempt of acquiring personal sensitive information like usernames, social security numbers,credit card details, security passwords etc., for malicious reasons by pretending to be a reliable log-in page.
Today, Google has seen a way too much phishing to help stop such attacks against accounts on Google domains and has taken measures. Google notes that effective phishing attacks that target unsuspecting users to log or enter their websites on a phishing page can have a success rate of up to 45 percent. According to the search giant, ‘nearly 2 percent of messages to Gmail are designed to trick people into giving up their passwords, and various services across the web send millions upon millions of phishing emails, every day.’
To help stop these phishing expeditions from affecting its users, Google has launched Password Alert, a free open-source Chrome extension that installs itself to the browser.
As the extension’s own page explains: “If you enter your Gmail or Google for Work password into anywhere other than accounts.google.com, you’ll receive an alert, so you can change your password if needed. Password Alert also tries to detect fake Google sign-in pages to alert you before you’ve typed in your password. To do so, Password Alert checks the HTML of each page you visit to see if it’s impersonating a Google sign-in page.”
Here’s how it works:
– Once Password Alert is installed, Chrome will remember a ‘scrambled’ version of the user’s Google password. Itonly does this for security purposes and doesn’t share it with anyone.
– With the scrambled password recorded, any attempt by a user to type in their Google password into a site that isn’t a Google page will have Password Alert put up a notice.
– This alert will tell the user that they’re at risk of being phished.
Password Alert is also available to ‘Google for Work’ customers, including Google Apps and Drive for Work. For corporations and organizations using Google for Work, there’s a server deployment that lets the system administrator receive alerts if a user gets phished.