Google, at pains to respond to user requests for protection from the rising wave of phishing campaigns, might have the best of intentions in trying to hide URLs to address this problem, but it misses the point completely.
The search giant is working on an unstable version of its Chrome browser called Canary that might usher in a new design for Chrome, one that removes the entire URL from the address bar and instead displays only the domain or subdomain.
Google intends for the new development to help Chrome users identify phishing sites – websites that imitate the whole design of a legit site but use URLs that are obviously different from that of the copied portal.
There are, however, a few pitfalls in hiding a Web address.
The URL will only be displayed on the Origin Chip in Canary and users will be required to click on it in order to view the domain or subdomain. If this feature becomes a default setting for all Chrome versions in addition to Canary, which I hope won’t go through, users will be incapable of finding out whether a website they are visiting is genuine or not, exposing billions of users to the risk of phishing attacks, contrary to what Google actually wanted to accomplish.
There is also a recently discovered flaw in Canary that involves the length of URL beyond which nothing is displayed. URLs that extend beyond 100 characters will be shown as null in the address bar – in other words, blank, nothing at all.
Ironically, even the most tech-savvy user will be unable to confirm the validity of a link in order to avoid a phishing site.
Phishing campaigns have grown in volume through the years. Attackers mostly employ this scheme in order to lure credulous users into giving up their credit card number, SSN, email address and other sensitive data.
A recent report from Kaspersky Lab indicates that mobile devices are the new target of phishing attacks. It does not come as a surprise, though, given the exponential rise in mobility adoption. At the core of a phishing campaign is the abuse of trust. Attackers will first try to build up your confidence that the site you are on is in fact legit. Later, you are likely to find yourself falling victim to malware infections that manipulate your online account for an even wider distribution of phishing emails and messages.
But to begin with, a phishing attack does not rely on malware. So the most immediate solution to this kind of attack is the capacity to distinguish genuine URLs from fake ones.
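
The comparison that closing point rests on, as an added example that is not part of the original article: what separates a genuine URL from a fake one is the host the browser actually connects to, wherever the trusted name appears in the string and however long the URL is. The function names and the `bank.example` / `secure-login.test` URLs are constructed for illustration.

```javascript
// Added example; function names and sample URLs are constructed.

// Returns the host the browser would connect to, or null when the string
// is not an absolute http(s) URL.
function effectiveHost(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch {
    return null;
  }
  if (u.protocol !== 'https:' && u.protocol !== 'http:') return null;
  return u.hostname; // lower-cased by the parser; userinfo and path excluded
}

// True only when host is the trusted domain itself or a subdomain of it.
// A trusted name that merely appears somewhere in the host does not count.
function belongsTo(host, trustedDomain) {
  if (!host) return false;
  const t = trustedDomain.toLowerCase();
  return host === t || host.endsWith('.' + t);
}

function classify(rawUrl, trustedDomain) {
  const host = effectiveHost(rawUrl);
  return { host, genuine: belongsTo(host, trustedDomain) };
}

// Constructed samples: one genuine URL, three lookalikes, one long URL.
const samples = [
  'https://www.bank.example/login',
  'https://bank.example.secure-login.test/login', // trusted name as a subdomain label
  'https://bank.example@secure-login.test/login', // trusted name in the userinfo part
  'https://secure-login.test/bank.example/login', // trusted name in the path
  'https://www.bank.example/' + 'a'.repeat(120),  // longer than 100 characters
];

for (const s of samples) {
  const r = classify(s, 'bank.example');
  console.log(r.genuine ? 'genuine  ' : 'lookalike', r.host, `(${s.length} chars)`);
}
```

The three lookalikes all resolve to `secure-login.test` or a subdomain of it, which is the part of the URL a reader has to be able to see in order to make this judgment.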