Chrome’s hidden lookalike detection feature battles URL imposters
Most of us have suffered from fat-fingered browsing before, mistyping website URLs and getting taken to the wrong place. Some of us have fallen victim to hyperlinks that look like legitimate websites at first glance but which are deliberately misspelled. Now, Chrome will try to save us from lookalike sites by detecting them and flagging up a warning.
Google has given its web browser a new feature that checks before it sends you to misspelled versions of popular sites. The feature, first called “Navigation suggestions for Lookalike URLs”, reportedly appeared in the Canary release of Chrome 70. Canary releases test new features on early adopter users so that Google can refine them before releasing them into the mainstream.
When activated, the security measure checks for misspelled sites, where it’s likely that the user intended to visit a popular url. It will display a link to the site that it thinks the user might have wanted to visit.
Sometimes, users intentionally mistype websites. The letter o on your keyboard is close enough to the zero that typing g00gle.com could be a legitimate mistake. More often, criminals deliberately register misspelled versions of websites for phishing or malware attacks, in an process known as typosquatting. By substituting a 1 for an l, or by transposing characters, attackers can create domains – and sites – that look real, using them for phishing attacks.