Would you enter your email address and password on this page?
This looks like a fairly standard login page, but it’s not. It’s what we call a “phishing” page, a site run by people looking to receive and steal your password. If you type your password here, attackers could steal it and gain access to your Google Account—and you may not even know it. This is a common and dangerous trap: the most effective phishing attacks can succeed 45 percent of the time, nearly 2 percent of messages to Gmail are designed to trick people into giving up their passwords, and various services across the web send millions upon millions of phishing emails, every day.
To help keep your account safe, today we’re launching Password Alert, a free, open-source Chrome extension that protects your Google and Google Apps for Work Accounts. Once you’ve installed it, Password Alert will show you a warning if you type your Google password into a site that isn’t a Google sign-in page. This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice.
Here's how it works for consumer accounts. Once you’ve installed and initialized Password Alert, Chrome will remember a “scrambled” version of your Google Account password. It only remembers this information for security purposes and doesn’t share it with anyone. If you type your password into a site that isn't a Google sign-in page, Password Alert will show you a notice like the one below. This alert will tell you that you’re at risk of being phished so you can update your password and protect yourself.
Password Alert is also available to Google for Work customers, including Google Apps and Drive for Work. Your administrator can install Password Alert for everyone in the domains they manage, and receive alerts when Password Alert detects a possible problem. This can help spot malicious attackers trying to break into employee accounts and also reduce password reuse. Administrators can find more information in the Help Center.
We work to protect users from phishing attacks in a variety of ways. We’re constantly improving our Safe Browsing technology, which protects more than 1 billion people on Chrome, Safari and Firefox from phishing and other dangerous sites via bright, red warnings. We also offer tools like 2-Step Verification and Security Key that people can use to protect their Google Accounts and stay safe online. And of course, you can also take a Security Checkup at any time to make sure the safety and security information associated with your account is current.
To get started with Password Alert, visit the Chrome Web Store or the FAQ.
Posted by Drew Hintz, Security Engineer and Justin Kosslyn, Google Ideas