Chrome extension, 'Password Alert,' to mitigate phishing attacks

Google has responded to the ongoing threat of phishing attacks with the release of a new browser extension, dubbed 'Password Alert.'

As the number one target of phishing attacks, Google has responded to the ongoing threat with the release of a new browser extension, dubbed 'Password Alert.' The free, open-source Chrome extension is designed to protect its users from phishing attacks with a pop-up warning should a user attempt to type their Google password into an insecure site.

When it detects a fake login page or an unverified site, Password Alert gives users the option to immediately change their passwords, in an effort to limit the damage from potentially compromised accounts.

The extension is also offered to businesses with additional features that allow incident response teams to be alerted to potential phishing attack vulnerabilities. According to Google's release announcement, installing Password Alert on company-wide domain management systems will help identify malicious activity and also reduce password reuse by employees.

“There is something to be learned from what Google has done with respect to protecting customers as they access their accounts,” Webroot Security Intelligence Director, Grayson Milbourne, commented in an email to SCMagazineUK.com. “It would be great to see this same technology extended to other browsers and also to protect other major targets of phishing.”

However, while this is a proactive step forward to thwart phishing attacks, there are also drawbacks to the system-wide automation. While users are prompted by the alert to change their passwords, they are also given the option of ignoring the alert altogether.

“While this may reduce the incidence of accidentally revealing one's Google password, it might also train users to ignore security warning pop-ups,” Kevin Epstein, VP of advanced security and governance at Proofpoint, commented in an email to SCMagazineUK.com.

“In either case,” Epstein warned, “[it] does nothing to block phishing emails or possible other site compromises. If seeking modern security and protection against cyber-attacks, enterprises and SMB alike would be well-advised to deploy a centralised targeted attack protection or threat response system rather than this per-browser Google-only pop-up.”

“This is a good time to remind everyone of very simple and effective strategies to keeping online accounts secure,” said Milbourne, echoing the sentiment, adding: “First, make sure your primary email password is different from all other passwords. There is a domino effect if you can break into this account. We all hate remembering different passwords, but this one is a must for proper online security.”