Chrome to Debut Truncated URLs to Combat Phishing

Soft consonant constructions are devilishly hard for people who are new to English to understand, and the colloquial form of fishing as ‘phishing’ to describe underhanded and fraudulent information requests on the web is a good example. But if we are to expand on that, many people of any first language will be confused as to why anyone would go to the trouble of ‘phishing’ in the first place.

There’s always going to be people with bad intentions in any walk of life, and yes it does require a significant input of time and effort to set up, test, and then roll out a series of phishing emails or something similar. The reason they go to all of these efforts is – quite plainly – that’s there’s money to be made illicitly when they do find someone who’s gullible enough to click through or do whatever else it is that the phishing email requests of them.

Most younger people who are increasingly more web savvy will be aware enough to avoid falling into the trap, but for others who aren’t that way and have still – like everyone – been forced to exist in an increasingly digital world it is actually a real risk. As a rule, anything that looks amiss with any type of web communication should be a red flag and reason to discard it.

The same goes for any communication that seems ‘odd’ as to why the sender would be sending to you, whether it’s an unsolicited communication or one where it simply seems strange that they would be sending it to you. Here at 4GoodHosting, we can assure you that like any quality Canadian web hosting provider we’ve gone ‘fishing’ many times, but the interest was only ever in catching dinner and enjoying a quiet day on the lake. Obtaining info for fraudulent aims was never part of the equation!

But in all seriousness, this is an ever-bigger issue and in response to it Google is introducing a wrinkle for it’s nearly-ubiquitous Chrome web browser that’s going to make it more difficult for ‘phishers’ to get anyone on the hook.

October’s Here

The Internet giant announced this would debut in October, and here we are on the day after Canadian Thanksgiving so we can safely assume this is going to be arriving soon. But what exactly are we talking about here?

Well, Google will run a trial with their new Chrome 86 browser on its way this month that will hide much of a site’s URL as a way to foil phishing attacks. By experimenting with how URLs are shown in the address bar on desktop platforms, the belief there is that through real-world usage they’re going to find that showing URLs this way will help users realize they’re visiting a malicious website, and protects them from phishing and social engineering attacks.

Participants for the trial phase are going to be chosen randomly. The exact number for how many Chrome users who’ll see the address bar pilot isn’t known, and Enterprise-enrolled devices aren’t going to be included in this Chrome 86 experiment.

Strategic Condensing

Instead of displaying the entire URL in Chrome’s address bar, rather what will happen is that the browser will automatically condense it into what’s going to from hereon out be referred to as the ‘registrable domain,’ or what they are claiming will be the ‘most significant’ part of the domain name. Right, so what’s the criteria for what is or isn’t ‘most significant’ there?

If the full URL for, say, a National Post article is https://www.nationalpost.com/article/3571224/government-to-extend-pandemic-financial-assistance-measures.html then the registrable domain would be nationalpost.com.

The belief here is that by showing only the truncated and now ‘registrable’ domain, it will be more natural for users to look at the address bar and more immediately determine they are in the right place and not being redirected to somewhere they would choose to not be if they weren’t put off from looking at a long and detailed domain at the top of their browser.

Which is fair enough, as most people are in fact naturally inclined to be put off by a long string of letters and characters that they usually see in URLs that are a departure from the home page or something similar.

The idea is that this will ensure they have a means of determining if they’re still at the right place, and not at a malicious site they’d been tricked into visiting. This is important because there are so many different ways that attackers can manipulate URLs to confuse users about a website’s identity, leading to rampant phishing, social engineering and scams.

How to Work With This

For anyone who sees one of these truncated URLs but still has concerns, you can view the complete URL by simply moving the pointer atop the address bar and letting it hover there a moment. This will prompt the Chrome browser to reconstitute the URL to its full form. You can do the same thing this way: Chrome will be showing a new menu item in the right-click menu – ‘Always show full URLs’ – and activating it will set the address bar to show the whole URL for all sites.

Post Navigation