New Experiment in Google Chrome to Fight Back Against Phishing Websites
The developers behind the Google Chrome browser have announced in a blog post that they will begin testing a new way to help defend against the increasing threat of phishing attacks. In a report from a collaboration between Google and the University of Illinois at Urbana-Champaign, researchers found that "more than 60% of users were fooled when a misleading brand name appeared in a URL’s path." Additionally, when a long subdomain was used, only 25.8% of people tested were able to correctly identify the domain, and when asked, 67% of the participants in the study reported that they encountered a malicious website at least monthly.
Based on these findings, and the fact that such a high percentage of users are fooled by deceptive links, Google has decided to run an experiment in the latest update of the Chrome browser, Chrome 86. For users who are included in the experimental group, rather than always showing the full URL string for the website they are on, the address bar will show only the registrable domain. The goal is to make the domain easier to pick out, so that users can better identify which website they are currently on. To be considerate toward its business users, Google states that the experiment will not be rolled out to any enterprise-enrolled devices and that it can be opted out of.
When highlighting the shortened URL in the address bar, users will be able to see the full string expand in the event that they have a reason to verify any information contained within. Additionally, Google is allowing users to opt out of the experiment by right-clicking on the domain and selecting "Always show full URLs". This change in how URLs are shown to users of the Chrome browser could have a very positive impact on users' ability to identify deceptive websites and could decrease the number of people who fall victim to phishing websites.
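To illustrate the registrable-domain display described above, the following added example (not Chrome's code and not from the original article) reduces constructed URLs, including one with a brand name in the path and one with a long subdomain, to their registrable domain. It assumes a tiny constructed subset of the Public Suffix List in `SUFFIXES`; the function name `registrableDomain` and all sample hostnames are hypothetical.

```javascript
// Added example: simplified registrable-domain (eTLD+1) extraction.
// SUFFIXES is a tiny constructed subset of the Public Suffix List; a real
// implementation loads the full list, including wildcard and exception rules.
const SUFFIXES = new Set(["com", "org", "uk", "co.uk"]);

function registrableDomain(rawUrl) {
  // The URL parser lowercases the host; drop a trailing root dot if present.
  const host = new URL(rawUrl).hostname.replace(/\.$/, "");
  // IP literals have no registrable domain; return them unchanged.
  if (/^\d+(\.\d+){3}$/.test(host) || host.startsWith("[")) return host;
  const labels = host.split(".");
  // Scan from the longest candidate suffix to the shortest. Unknown TLDs
  // fall back to the last label (the list's default "*" rule).
  let suffixLen = 1;
  for (let i = 0; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      suffixLen = labels.length - i;
      break;
    }
  }
  // The host is itself a public suffix: nothing registrable to extract.
  if (labels.length <= suffixLen) return host;
  return labels.slice(-(suffixLen + 1)).join(".");
}

// Constructed sample URLs using reserved or made-up names.
const SAMPLES = [
  // Misleading brand name in the path.
  "https://account-verify.example/brand.com/signin",
  // Long subdomain that starts with a familiar-looking name.
  "https://secure.login.brand.com.session-8842.account-verify.example/",
  // Multi-label public suffix: the registrable domain has three labels.
  "https://www.shop.co.uk/basket",
  // IP literal host.
  "http://192.0.2.10/brand.com/login",
];

for (const url of SAMPLES) {
  console.log(registrableDomain(url).padEnd(24), "<-", url);
}
```

In the first two samples the string `brand.com` appears in the full URL, but the registrable domain is `account-verify.example` in both cases.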