Last week Google released Password Alert, a Chrome extension intended to help users avoid phishing attacks and keep passwords safe by preventing users from inputting their Google password on other sites and from reusing Google passwords on non-Google sites. Whenever a Google password is input into a website, Password Alert shows a message saying "Your Gmail password was just exposed to a non-Gmail page," and tells users to change their Gmail password immediately. While many users would likely tell you they know the difference between a phishing site and the real thing, phishing continues to be an issue and some of the most used and trafficked sites and apps are still targets. Says Andy Greenberg for Slate/Wired: "Phishing remains one of the most serious and intractable problems in information security, and is often the initial breach point for hacker schemes ranging from mass credit card harvesting to sophisticated, state-sponsored targeted attacks. Google estimates that as many as 45 percent of some well-crafted phishing emails can successfully trick users, and that 2 percent of all Gmail messages it sees are phishing attempts. A Verizon report published earlier this month found that a phishing campaign launched against a target corporation or agency can find a gullible user and gain an initial point of compromise within as little as 80 seconds."
It isn't as easy as a Chrome add on to instill in users the kind of wariness and discipline that will keep them safe online. As this blog has previously discussed, increased awareness and education are needed as opposed to tools that blunt a user's ability to compromise themselves unknowingly. Tools will always be vulnerable, and the best weapon more likely to be awareness of the dangers facing users.