The number of phishing attempts continues to grow each year and really has gotten out of hand. In fact, Wikipedia says that about 100 billion spam messages (as of June 2007) are sent each and every single day. To put this into perspective, that accounts for about 80-85% of all incoming messages that a user receives in a days time. As the number continues to grow, more and more preventative measures are being put in place to help keep people from becoming victims of the phishing attempts. Most of us these days can rely on web browsers like Firefox and Opera to help alert us when needed, but sites like Google are also getting in and finding ways to protect their users.
One of the many ways Google is helping to protect their users is a new phishing warning that shows up if someone attempts to visit a site that is used for phishing by clicking on a link in the search results. The warning you’d receive (image from Google Operating System) tells you that they suspect web forgery and that the user should return to the results page and pick a new result.
While this is another nice extra layer of protection, our only question is why Google would even display a phishing site in the results if they already knew that it was a problem?
Google has done this for a while, just usually for malware sites.
I think it’s probably better that google shows a warning, since it helps educate people about phishing.
“While this is another nice extra layer of protection, our only question is why Google would even display a phishing site in the results if they already knew that it was a problem?”
Because some times there’s genuine reasons to show these sites. Some/most piracy website come up in Google as malware but people still visit them. Plus if they didn’t show these malware websites, it would make it harder for the genuine sites to find them and take action. Google makes it so awkward to actually visit the site that 90% of people won’t unless they really want to.
How do sites get listed as malware sites? I have run across 2 sites in the last week listed by Google as malware when in fact they were simply politically incorrect. IMHO some sites are being included in a malicious attempt to censor what some people do not like. The latest example I have run across is: [conservativethoughts.us] which I discovered by searching Google for for minimum wage conservative. I teach a political science course and was looking for content from both the liberal and the conservative viewpoints.
Does anyone else think this is disturbing? Are Google employees tagging sites as malware? This is one of the most disturbing things I have seen on the web.
hehe. the spam protection word was fish. anyways
@ blog poster:
Firefox has a built in phishing detector that cross references with Google or any other source you specify, so it might show up those other times. “Tell me if the site I’m visiting is a Suspected forgery [x] check using Google”
Yes, I agree Google can simply filter and hide the phishing sites. For malware ones it is a different story since the site can be genuine but malware-infested.
Given the example you just gave of a site that wasn’t malware but was listed by Google as such, I can see why Google doesn’t automatically remove them from their search listings. For Phishing sites though, I think they should be immediately removed from the search results.
I’ve known some people who have had their sites hacked and injected with malware links. That then throws up flags over at Google. So it may not seem like there is anything bad at the site, but you really don’t know until you go digging through the code.