Google Search Will Start Flagging Adverts For Deceptive Social Engineering Content

4 February 2016

Google Online Security:

In November, we announced that Safe Browsing would protect you from social engineering attacks – deceptive tactics that try to trick you into doing something dangerous, like installing unwanted software or revealing your personal information (for example, passwords, phone numbers, or credit cards). You may have encountered social engineering in a deceptive download button, or an image ad that falsely claims your system is out of date. Today, we’re expanding Safe Browsing protection to protect you from such deceptive embedded content, like social engineering ads.

Consistent with the social engineering policy we announced in November, embedded content (like ads) on a web page will be considered social engineering when they either:

  • Pretend to act, or look and feel, like a trusted entity — like your own device or browser, or the website itself.

  • Try to trick you into doing something you’d only do for a trusted entity — like sharing a password or calling tech support.

These kinds of phishing attacks are everywhere, but they are typically hard to detect algorithmically, as most of them are built as images, which computers struggle to analyse. I’m happy to see Google ramping up its efforts to identify these kinds of scams; I’ve been tricked into clicking through on these faux popups once or twice. Everyone has, I think. What’s sort of weird, though, is that these scams are very common on Google’s own AdSense network. Ironically, its Safe Browsing team will be flagging a lot of content that its own servers publish.