Study claims up to 75 percent of phishing websites make it past Chrome's defenses

Cal Jeffrey

Posts: 3,500   +1,048
Staff member
TL;DR: A consumer watchdog company called Which?, which for our grammatical sanity we will refer to as Which from here on, says that Google's Chrome browser does not recognize the vast majority of phishing websites. Google questions the study's validity and methodology.

According to Which's study of the top 800 newly discovered phishing websites, Chrome only blocks 28 percent of them in Windows and 25 percent on macOS. These numbers are in stark contrast to the top performing browser Firefox, which redirects users away from 85 percent of those websites in Windows and 78 percent on Macs.

Google issued a statement to the UK news outlet Independent saying it is skeptical of Which's findings.

"This study's methodology and findings demand scrutiny. For more than 10 years, Google has helped set the anti-phishing standard — and freely provided the underlying technology — for other browsers. Google and Mozilla often partner to improve the security of the web, and Firefox relies primarily on Google's Safe Browsing API to block phishing — but the researchers indicated that Firefox provided significantly more phishing protection than Chrome. It's highly unlikely that browsers using the same technology for phishing detection would differ meaningfully in the level of protection they offer, so we remain sceptical [sic] of this report's findings."

Phishing scams have been around for almost as long as the internet. Often they take the form of an email or text message with links to a fraudulent website disguised as an official login page for any number of legit companies. Chrome, Firefox, and other browsers try to filter out these suspicious websites.

Phishing scams are most easily mitigated at the user level. Consumers should be suspicious of unsolicited emails asking for information or requesting they log into a website, no matter how official the email or website may appear. Poor grammar or spelling and unusual URLs are other obvious signs that an email is not really from a bank or another website users frequent.

The UK's National Cyber Security Centre (NCSC) tracks and analyzes phishing scams. It called on users to report suspicious emails, websites, and text messages back in March. Websites can be reported to the NCSC's dedicated scam portal, while users can forward emails and text messages to its respective phishing division.

Permalink to story.

 

MaXtor

Posts: 406   +418

I would argue that regardless of a browser blocking phishing sites, more Firefox users are less susceptible to phishing attempts. Chrome is essentially the go to browser, those who choose Firefox (in general) tend to be more technically inclined. (I'm not saying all Chrome users aren't technically literate, many are)

Of course, that's not being taken into account in this study.

In all likelihood, the difference is that Firefox doesn't whitelist the ones that pay Google money.
I wonder, makes sense to me.
 

envirovore

Posts: 468   +875
TechSpot Elite
Firefox has been my browser of choice since its official release, and been using it for my mobile browser for...I can't even recall how long.
Locked down and loaded with the usual anti ad/anti tracking add ons.

If for some reason the strict settings break a site with forms I have to fill out I'll load up Edge on PC (which, after having to use for work is alright).