Google will now warn users when websites host deceptive ‘social engineering’ ads

[Update: Google published this news today on its corporate blog, but it was first announced earlier this year. We’ve asked Google to clarify why it was republished, whether that was in error, or whether it represents any changes since the first announcement.]

Google says it’s expanding its efforts to keep web surfers better protected from deceptive content online through an update to its “Safe Browsing” initiative. The search giant will now flag and warn users when they encounter websites with what Google calls “social engineering” advertisements. These are ads that try to trick users into thinking they’ve received a message from a trusted entity – like a web browser notification, software update, PC error message, or the website itself, for example.

Google says that, going forward, sites running these types of advertisements or hosting this content will be flagged, and visitors will be warned not to proceed.

If you’ve encountered any of Google’s “Safe Browsing” warning messages before (see above image), you know they do their job well. Instead of taking visitors directly to the site in question, a red error page appears, informing web surfers why they may not want to proceed. The messages prompt users to click a “Back to safety” button, but they don’t fully block website access for those determined to continue.

In the past, Google has used warning messages to cut off traffic to sites that host malware or engage in phishing attacks, among other things.

Last November, Google announced that it was expanding its Safe Browsing program to protect against social engineering “attacks,” too. That means it began warning users when these same tactics were used to trick users into installing malicious software, or revealing personal information. With today’s changes, those protections are being expanded to also include advertisements.

You’re probably familiar with these kinds of “advertisements.” Some claim that software you run is out of date or needs an update, but are really trying to trick users into installing new, unwanted programs.

Others pretend to be “Download” or “Play” buttons, as if clicking them would provide access to the video content or stream the user had wanted. This is often a problem on illegal online video service websites, which are growing in popularity as more consumers cut the cord with traditional TV.

These ads and embeds can sometimes be hard to identify, even for savvier web users, because they’re often designed to be indistinguishable from the website’s other content. That is, they look like they’re part of the website’s functionality itself.

Google will now show warnings on sites that use these tactics or that work with advertisers who do. It says that content that pretends “to act, or look and feel, like a trusted entity” will be considered social engineering content, along with any content that tries to trick users into doing something they would normally only do for a trusted entity, such as sharing a password or calling tech support.

There appears to be some leeway in terms of when Google’s flags and warnings are applied to sites with these ads. The goal is to combat those entities who regularly engage in deceptive advertising, rather than penalize sites where a rogue ad may have sneaked in, such as through an ad network. According to Google, sites affected will be those where visitors “consistently see social engineering content.”

*Update: Google says it’s unsure at this time how this content was republished to its corporate blog this morning, and is looking into it. This news was previously announced.