Google's Malicious Site Alert in Action (in Gmail)
I’ve been receiving a lot of 419 scam and phishing emails lately (I wonder about the sudden influx of such messages), and there are times I try to check out the sites linked to, just out of academic curiosity. Of course, I do always check target URLs on the status bar before clicking links, and I make sure I’m in a secure environment before opening any sites–I do recall that Windows metafile vulnerability a while back where you can get infected by the mere opening of JPEGs and other media files.
Here’s a pleasant surprise from Gmail. When I clicked on a link in an email that led to a site pretending to be e-gold’s sign-in page, I was alerted with this message.
Google was informing me that the page was actually a “web forgery.” Clicking on the “more” opened up the bubble a bit more with a brief explanation about phishing.
Apparently, Google also does this with sites and web pages listed in its search results. I’m wondering why they don’t just exclude these malicious sites from the search results in the first place, once identified as such, or at least do so by default (while allowing advanced users to turn off such a “safe search” feature).