Skip to Content
Security & Privacy

Chrome will soon warn you against lookalike web address scams

If you’re like most people, Google Chrome is likely your main browser of choice. It has widened its market share to about 67% of all web users, beating out Safari, Firefox, Opera and Microsoft’s Edge and Internet Explorer by a wide margin. And it’s not even close – 2nd place Firefox has a market share of around 10%.

We all like Chrome because of its speed, multi-platform integration, user-friendliness, third-party extensions, incognito mode and its clean and simplified design. And better yet, it has ample privacy and security tools you can employ to protect yourself while browsing the web. Now, it looks like Google is about to roll out a new security feature that is aiming to stop one of the most devious schemes in a hacker’s toolset – typosquatting.

Read on and see how you can test this new feature before everyone else.

Google’s plan to fight typosquatters and URL lookalike scams

Google Chrome will soon get a safety feature that will warn you if you’re trying to visit a site that has a domain name that looks suspiciously close to popular sites. Commonly known as “typosquatting,” this is when cybercriminals secure web addresses or URLs that closely resemble the domain names of a legitimate website, except for a letter or two.

For example, instead of LinkedIn.com, a hacker can send a link from “LunkedIn.com” (notice the “u” instead of the “i”) hoping that it’s enough to fool you.

Scammers can also replace letters with symbols. For example, instead of using a lower case “a” like you find in the “Facebook.com,” they could replace it with an “à.” Notice the little accent mark on top of the character? That may be enough to fool an unsuspecting eye!

Hackers will set up lookalike web pages and login screens to complete the ruse. These are, of course, nothing more than phishing sites designed to steal your personal information, credentials and credit card data. It’s a growing problem so, in response, Google is baking in a new safety feature in its popular Chrome browser to fight these types of malicious typosquatting techniques.

Chrome Canary 74

Google engineers have begun testing a new feature in Chrome Canary 74 called “Navigation suggestions for lookalike URLs.”

Note: Chrome Canary builds are very early beta versions where new and experimental Chrome features are tested. As its name suggests this will provide automatic safety suggestions for web addresses that look very similar to popular sites. For example, if you attempt to visit a site called “amazen.com” (notice the typo), Chrome Canary will display a warning saying “Did you mean to go to http://amazon.com/?”

How to enable this feature

To enable this feature, download and install the latest Chrome Canary build (check out below for the instructions).

Open the browser (it will have an all-orange icon) then paste it on the address bar and hit enter:

 chrome://flags/#enable-lookalike-url-navigation-suggestions

This will take you to Chrome Canary’s flag settings page.

To turn on the lookalike warnings, simply select “Enabled” on the “Navigation suggestions for lookalike URLs” drop-down box then restart your browser.

 

Note: This toggle is available in the regular version of Chrome. However, it’s not as reliable nor developed as the one in the Canary build.

How to try out Chrome Canary

Chrome Beta

 

Google provides beta versions of their popular Chrome browser and you don’t even have to join a beta program. Just go to their Chrome Release Channels page and download the desired release channel.

Their Chrome installers range from the stable, the beta, dev versions, and for the extra adventurous, the Canary build, which has not been tested or used yet.

In this case, install the Canary release.

 

 

Keep in mind that Chrome’s Canary builds have not been tested or used yet, and it’s recommended that you backup your Chrome profile and preferences before installing.

Will Google kill off the URL as we know it?

This is may just the first step in Google’s plan to revamp and even kill off the traditional URL system as we know it. In a recent WIRED interview, the tech giant said that that it wants to “move toward a place where web identity is understandable by everyone.”

Admittedly, URLs can sometimes be very long, confusing, and difficult to understand, giving phishing scammers an opportunity to pounce with fake lookalike sites and redirects. For now, instead of killing off the URL completely, Google will use Chrome’s Safe Browsing features and developer tools like TrickURI to protect users from attackers who use misleading web addresses.

In fact, Google was already moving in this direction by hiding the “www” and “m” subdomains from all the websites you visit with Chrome 69.

Eventually, Google hopes to roll out more safety features that will show the relevant parts of a URL while filtering out the extra stuff that makes them hard to decipher.

Komando Community background

Join the Komando Community!

Get even more digital know-how and entertainment with the ad-free Komando Community! Watch or listen to The Kim Komando Show on your schedule, read Kim's eBooks for free, and get answers in the tech forums.

Join Now