What is phishing and malware? A phishing attack takes place when someone masquerades as someone else to trick you into sharing personal or other sensitive information with them, usually through a fake website. Malware is software that gets installed on your machine often without your knowledge, and is designed to harm your computer or potentially steal information from your computer. For more pointers on keeping your family safe on the web, read Google’s Tips for Online Safety. Learn about other security settings and additional technologies, such as sandboxing and auto-updates, that Google Chrome uses to keep you safe on the Web. Google downloads a list of information to your browser about sites that may contain malicious software or engage in phishing. On the list, each URL is hashed (obscured so it can’t be read) and then broken into portions. Your browser creates hashed versions of URLs that you visit, and checks them against the list. If the URLs match the list, your browser will contact Google’s servers to request the full list — not just portions — of the hashed URLs that are believed to be risky. Your computer can then determine if you are visiting a risky site, and warn you about it. When your computer contacts Google to get more information about a specific hashed URL fragment, or to update the list, we receive standard log information including your IP address and possibly a cookie. This information does not personally identify you, and is retained only for a period of weeks. Google Chrome Phishing and Malware alerts: Here are the messages you may see when phishing and malware detection is enabled: Warning: Something’s Not Right Here! This message appears if Google Chrome detects that the site you’re trying to visit may have malware. This is probably not the site you are looking for! This message appears when the URL listed in the site’s certificate doesn’t match the site’s actual URL. The site you’re trying to visit may be pretending to be another site. The site’s security certificate is not trusted! This message appears if the certificate wasn’t issued by a recognized third-party organization. Since anyone can create a certificate, Google Chrome checks to see whether a site’s certificate came from a trusted organization. The site’s security certificate has expired! These messages appear if the site’s certificate is not up-to-date. Therefore, Google Chrome can’t verify that the site is secure. The server’s security certificate is revoked! This message appears if the third-party organization that issued the site’s certificate has marked the ssl as invalid. Therefore, Chrome can’t verify that the site is secure.