Phishing pages are tricky by nature: they look like standard login pages, but are actually fake sites run by people looking to capture and steal passwords. Google is taking steps to thwart this common and dangerous trap with its Password Alert service.
Password Alert is an open-source Chrome extension that protects Google and Google Apps for Work accounts. Once installed, it shows a warning if a user types her Google password into a site that isn’t a Google sign-in page. The idea is to protect against phishing attacks and also to encourage web denizens to use different passwords for different sites, a security best practice.
“The most effective phishing attacks can succeed 45% of the time, nearly 2% of messages to Gmail are designed to trick people into giving up their passwords, and various services across the web send millions upon millions of phishing emails, every day,” said Drew Hintz, security engineer, and Justin Kosslyn from Google Ideas, in a blog post.
For consumer accounts, once Password Alert is installed and initialized, Chrome will remember a “scrambled” version of the Google Account password. So if a user types that password into a site that isn’t a Google sign-in page, an alert pops up warning that she is at risk of being phished.
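The check described above can be sketched as follows. This is an added example, not Google's Password Alert code: the use of salted SHA-256 as the "scramble", the sign-in origin allowlist, and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Assumed allowlist of legitimate sign-in origins (illustrative).
const SIGN_IN_ORIGINS = new Set(['https://accounts.google.com']);

// "Scramble" = salted SHA-256 here (assumption; the article does not name the function).
function scramble(text, salt) {
  return nodeCrypto.createHash('sha256').update(salt).update(text, 'utf8').digest('hex');
}

// Run once on the real sign-in page: keep salt, length and digest, never the password.
function enroll(password) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, length: password.length, digest: scramble(password, salt) };
}

// Per-page watcher: holds only the last `length` typed characters and
// re-checks them after every keystroke. Returns true when an alert should fire.
function createWatcher(record, origin) {
  let buffer = '';
  return function onKey(key) {
    if (SIGN_IN_ORIGINS.has(origin)) return false; // typing it on the real page is fine
    if (key === 'Backspace') { buffer = buffer.slice(0, -1); return false; }
    if (key.length !== 1) return false;            // ignore Shift, Tab, arrows, etc.
    buffer = (buffer + key).slice(-record.length);
    if (buffer.length < record.length) return false;
    const candidate = Buffer.from(scramble(buffer, record.salt), 'hex');
    return nodeCrypto.timingSafeEqual(candidate, Buffer.from(record.digest, 'hex'));
  };
}

// Helper: feed a sequence of keys and report whether any keystroke raised an alert.
function typeInto(watcher, keys) {
  let alerted = false;
  for (const key of keys) alerted = watcher(key) || alerted;
  return alerted;
}
```

Because only the most recent characters are compared, the alert fires regardless of what was typed before the password, such as a username in the preceding field.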