Google Chrome “the worst browser to stop phishing attacks”
The popular browser only blocks a quarter of phishing attacks, according to Which? investigation.
Researchers found that Google Chrome only blocked investigators from reaching 28% of phishing sites they tried to access on Windows and only 25% on Mac. By comparison, the top-performing Firefox, created by the nonprofit Mozilla Foundation, stopped 85% of phishing attacks on Windows and 78% on Mac.
Phishing attacks can happen in different ways, including via emails, text messages or questionable online advertising. If a user attempts to visit the web address by searching for it in their web browser, a good browser will detect a phishing attempt and block the user from accessing the site.
Phishing attacks are designed to trick users into entering sensitive data, such as payment details, passwords, and other personal information. This data can then be used by cybercriminals to access online accounts and steal money.
Hacker sites can impersonate any type of website, such as banks or delivery companies, but scammers also often impersonate UK government departments, such as HMRC and DVLA.
In order to test whether each web browser was able to correctly detect phishing attacks, Which? consisted of searching the web addresses of 800 newly discovered phishing sites very soon after they were first discovered in every web browser.
The test also checked whether top-performing browsers were simply too aggressive with blocking sites, generating “false positives” that make web browsing unnecessarily cumbersome to use.
The top-performing Firefox prevented more phishing attacks than Microsoft Windows’ default browser, Edge, which blocked 82% of phishing attacks, and Apple MacOS’ default browser, Safari, which blocked 77% of attacks. Meanwhile, Opera only managed to prevent 56% on Mac and Windows operating systems.
Who? said web browsers must be able to effectively detect and block known phishing sites by accessing a database. However, browsers must also be able to detect new and emerging phishing attempts and block them as quickly as possible.
Phishing sites tend not to last very long. Once detected, they can be blocked but some still sneak on the net and scammers can launch new URLs very quickly.
When which one? shared its test information and results, Google questioned the results.
A Google spokesperson said, “The methodology and results of this study warrant careful consideration. For more than 10 years, Google has helped set the anti-phishing standard (and provided the underlying technology for free) for other browsers.
“Google and Mozilla often team up to improve web security, and Firefox primarily relies on Google’s Safe Browsing API to block phishing – but researchers have reported that Firefox provides much more phishing protection. browsers using the same technology for phishing detection are highly unlikely to differ significantly in the level of protection they provide, so we remain skeptical of the findings of this report.
However, which one? believes the survey shows the company needs to do more to detect and prevent phishing attacks on Chrome.
Lisa Barber, Which one? The IT publisher, said: “It is incredibly alarming that a huge company like Google allows the security of its users to be exposed in this way – a gift for fraudsters who constantly try to use attacks. as a launching pad for scams that can have a devastating effect on victims.
“If you’re worried about your online safety, stay alert when clicking on a link, install a premium free or paid antivirus package, keep your browser up to date, and sign up for our free email alerts. scams will significantly increase your protection against malicious websites.”