You are using an older browser version. Please use a supported version for the best MSN experience.

Google will now warn users when websites host deceptive ‘social engineering’ ads

TechCrunch TechCrunch 12/04/2016 Sarah Perez

Google says it’s expanding its efforts at keeping web surfers better protected from deceptive content online through an update to its “Safe Browsing” initiative. The search giant will now flag and warn users when they encounter web sites with what Google calls “social engineering” advertisements. These are ads that try to trick users into thinking they’ve received a message from a trusted entity – like a web browser notification, software update, PC error message, or the website itself, for example.

Going forward, Google says that sites running these types of advertisements or hosting this content will now be flagged by Google and visitors will be warned not to proceed.

If you’ve encountered any of Google’s “Safe Browsing” warning messages before (see above image), you know they do their job well. Instead of taking visitors directly to the site in question, a red error page appears, informing web surfers why they may not want to proceed. The messages prompt users to click a “Back to safety” button, but they don’t fully block website access for those determined to continue.

In the past, Google has used warning messages to cut off traffic to sites that host malware or engage in phishing attacks, among other things.

Last November, Google announced that it was expanding its Safe Browsing program to protect against social engineering “attacks,” too. That means it began warning users when these same tactics were used to trick users into installing malicious software, or revealing personal information. With today’s changes, those protections are being expanded to also include advertisements.

You’re probably familiar with these kinds of “advertisements.” Some make claims that some software you run is out of date or needs an update, but is really trying to trick users into installing new, unwanted programs.

Others pretend to be “Download” or “Play” buttons, as if clicking them would provide access to the video content or stream the user had wanted. This is often a problem on illegal online video service websites, which are growing in popularity as more consumers cut the cord with traditional TV.

These ads and embeds can sometimes be hard to identify, even by savvier web users, because they’re often designed in a way to make them indistinguishable from the website’s other content. That is, they look like they’re part of the website’s functionality itself.

Google will now penalize sites that use these tactics or who work with advertisers who do. It says that content that pretends “to act, or look and feel, like a trusted entity” will be considered social engineering content, along with any content that tries to trick users into doing something they would normally only do for a trusted entity, such as sharing a password or calling tech support.

There appears to be some leeway in terms of when Google’s flags and warnings are applied to sites with these ads. The goal is to combat those entities who regularly engage in deceptive advertising, rather than penalize sites where a rogue ad may have sneaked in, such as through an ad network.  According to Google, sites affected will be those where visitors “consistently see social engineering content.”

The changes roll out today, says Google.

More from TechCrunch

image beaconimage beaconimage beacon