Google’s latest attempt to crack down on phishing: Firm says it will ban logins that use embedded browsers to cut out the ‘middle man’
- In June, Gmail will require users to use a dedicated mobile browser to log in
- The move is an effort to prevent harmful phishing scams targeting credentials
- Phishing expeditions have become increasingly complex over the years
- Google has released a host of new security features in recent months
Google is trying to cut out the ‘middle man’ by disallowing logins from embedded browsers, a move it says will add an extra layer of cyber security.
According to the company, the change will start in June and will prevent logins that don’t take place within a dedicated web browser like Safari, Chrome, or Firefox.
While many applications use embedded browsers as a means of convenience, allowing users to stay in an app to input their credentials as opposed to having to jump to a dedicated mobile browser, Google said the feature puts users at unneeded risk.
Google has bolstered a number of security features to help protect its users from phishing and more.
A major concern, said the company, is a type of phishing scam known as ‘man in the middle.’
‘One form of phishing, known as “man in the middle” (MITM), is hard to detect when an embedded browser framework… or another automation platform is being used for authentication,’ reads a blog post.
‘MITM intercepts the communications between a user and Google in real-time to gather the user’s credentials (including the second factor in some cases) and sign in.’
Because Google can’t differentiate between someone attempting to phish an account and the legitimate owner, it has decided to completely scrap embedded logins, said the company.
Similarly, Google has also introduced ‘safe browsing’ features that notify users when they’re browsing a potentially harmful website and added notification features that let users know when their account is signed into from a new device.
With the rise of mobile app usage and connectivity, phishing scams have spread across the internet rapidly through the last several years.
Many of those involving the use of email have also become increasingly sophisticated.
In 2017, one particularly effective attack on Gmail users was orchestrated by scammers who, with access to one victim’s email account, were able to impersonate that person in order to infect the computers of the first victim’s contacts.
Disguised as the first victim, scammers would send a fake Google Doc containing a phishing link to one or more of that person’s contacts using victim one’s email address.
If the link was opened, the second victim would be sent to a fake Google login page where the scammers would harvest the credentials of victim two.
The phishing expedition compromised at least 1 million Gmail accounts, according to Forbes.
Doing away with embedded logins comes on the heels of a host of new security features announced by Google this month that specifically target phishing and look to educate on ‘best practices.’