Google sends a big juicy smooch to phishing sites: no url bar!

Posted by & filed under Misc, Technology.

I’ve already complained about Google Chrome’s sudden desire to whack the protocol from URL bar (and favicon too, though that’s secondary). Now Google is about to give a big juicy smooch to all the phishers out there — a new experimental feature in Google Chrome — hide that pesky address bar completely. Well, the tool buttons get moved too, but that’s irrelevant. The most relevant part is, should this “feature” go mainstream, phishers will just love Google Chrome — ugly suspicious URLs of fake pages will no longer be visible.

Yes, Google does provide some phishing protection by keeping a database and checking sites against it. But reaction time to a bad URL is not zero. Which means that all phishers have to do is to create a hundred or more replicas of some banking site, and use those to lure customer into giving them credentials, without worrying about URL being http://YourFavoriteBank.BlahBlahEvilDomain.SomethingWeird.

Of course users don’t really need the address bar — some actually always find sites through the Google or whatever is their favorite search engine, so initial search homepage is good enough for them. But all these years users were being educated about looking for “https://” in the toolbar (no longer applicable, now it’s just a green padlock in the Chrome) and making sure the address for online banking is correct (or just typing it in once again). All of that “training” will be erased in the name of extra 10 pixels. Sheesh…

Leave a Reply