TL;DR: A consumer watchdog company called Which?, which for our grammatical sanity we will refer to as Which from here on, says that Google's Chrome browser does not recognize the vast majority of phishing websites. Google questions the study's validity and methodology.
According to Which's study of the top 800 newly discovered phishing websites, Chrome only blocks 28 percent of them on Windows and 25 percent on macOS. These numbers are in stark contrast to the top-performing browser, Firefox, which redirects users away from 85 percent of those websites on Windows and 78 percent on Macs.
Google issued a statement to the UK news outlet Independent saying it is skeptical of Which's findings.
"This study's methodology and findings demand scrutiny. For more than 10 years, Google has helped set the anti-phishing standard — and freely provided the underlying technology — for other browsers. Google and Mozilla often partner to improve the security of the web, and Firefox relies primarily on Google's Safe Browsing API to block phishing — but the researchers indicated that Firefox provided significantly more phishing protection than Chrome. It's highly unlikely that browsers using the same technology for phishing detection would differ meaningfully in the level of protection they offer, so we remain sceptical [sic] of this report's findings."
Phishing scams have been around for almost as long as the internet. Often they take the form of an email or text message with links to a fraudulent website disguised as an official login page for any number of legit companies. Chrome, Firefox, and other browsers try to filter out these suspicious websites.
NCSC UK (@NCSC), March 10, 2022:
Spotted a suspicious email, website or text message?
Forward emails to firstname.lastname@example.org
Forward a text to 7726 (free)
Report a website ⤵️ https://t.co/RLYj8OhoUx
Phishing scams are most easily mitigated at the user level. Consumers should be suspicious of unsolicited emails asking for information or requesting they log into a website, no matter how official the email or website may appear. Poor grammar or spelling and unusual URLs are other obvious signs that an email is not really from a bank or another website users frequent.
The UK's National Cyber Security Centre (NCSC) tracks and analyzes phishing scams. It called on users to report suspicious emails, websites, and text messages back in March. Websites can be reported to the NCSC's dedicated scam portal, while users can forward emails and text messages to its respective phishing division.