TL;DR: A consumer watchdog company called Which?, which we’ll mention for our grammatical sanity from now on, says Google’s Chrome browser doesn’t recognize the vast majority of phishing websites. Google questions the validity and methodology of the study.
According to the study of the top 800 newly discovered phishing websites, Chrome blocks only 28 percent of them on Windows and 25 percent on macOS. These numbers are in stark contrast to the top-performing browser Firefox, which leads users away from 85 percent of those websites on Windows and 78 percent on Macs.
Google issued a statement to British news channel Independent saying it is skeptical of Welke’s findings.
“The methodology and findings of this study demand close scrutiny. For more than a decade, Google has helped set the antiphishing standard — and freely deliver the underlying technology — for other browsers. Google and Mozilla often collaborate to improve the security of the Internet. and Firefox mainly relies on Google’s Safe Browsing API to block phishing, but the researchers indicated that Firefox offered significantly more protection against phishing than Chrome. [sic] of the findings of this report.”
Phishing scams have been around almost as long as the internet. They often take the form of an email or text message with links to a rogue website disguised as an official login page for any number of legitimate companies. Chrome, Firefox and other browsers try to filter out these suspicious websites.
Spotted a suspicious email, website or text message?
Forward emails to firstname.lastname@example.org
“Text to 7726 (free)
‘ Report a website ⤵️ https://t.co/RLYj8OhoUx pic.twitter.com/uu4Pb9eWUQ
— NCSC UK (@NCSC) March 10, 2022
Phishing scams are easiest to restrict at the user level. Consumers should be wary of unsolicited emails asking for information or asking to log in to a website, no matter how official the email or website looks. Bad grammar or spelling and unusual URLs are other obvious signs that an email isn’t actually from a bank or other website that users often visit.
The UK’s National Cyber Security Center (NCSC) tracks and analyzes phishing scams. It called on users to report suspicious emails, websites and text messages in March. Websites can be reported to the NCSC’s dedicated scam portal, while users can forward emails and text messages to the respective phishing department.