Study suggests significant differences in how good browsers are at preventing users from visiting scam websites.
Last year was a record-breaking 12 months for online scams.
According to the latest figures from the National Cyber Security Centre (NCSC), the UK’s cybersecurity unit, a massive 2.7 million attempted scams were prevented last year.
That’s almost four times more than the year before.
Phishing scams were a particularly common form of scam.
This is where scammers try to con you into sharing your personal or financial details, often by posing as a legitimate business or organisation that you have some form of relationship with.
For example, the NCSC revealed that it removed 1,400 NHS-themed phishing campaigns across 2021, an incredible 11 times more than in 2020.
Obviously, a lot of work is going into keeping these scammers at bay and therefore reducing the chances of one of us being duped into sharing details that should be kept private.
However, the way that you choose to surf the internet will have a bearing on how exposed you may be to phishing scams.
And a new study from the consumer champions at Which? has found that some browsers do a far better job at protecting users from these scams than others.
How the tests worked
The team at Which? put the browsers to the test by entering the web addresses of 800 newly-discovered phishing sites into each of the browsers shortly after the sites had been detected as scams.
The idea is that a secure browser will recognise that the site is being employed as part of a scam, and therefore block the user from being able to access it.
The browsers were also tested to ensure they have the balance right and don’t simply block access to regular websites as a result of false positives, which could make using the internet overly cumbersome.
The safest browsers
The contrast in results turned up by the Which? investigation is startling.
Here is how the main four browsers performed when tested on Windows and Mac systems, with the percentage of phishing sites the user was prevented from reaching:
|
Browser |
Percentage of phishing sites prevented (Windows) |
Percentage of phishing sites prevented (Mac) |
|
Mozilla Firefox |
85% |
78% |
|
Microsoft Edge |
82% |
N/a |
|
Apple Safari |
N/a |
77% |
|
Opera |
56% |
56% |
|
Google Chrome |
28% |
25% |
There are a few really notable aspects of these results for me. First, Google Chrome ‒ the most used web browser in the country ‒ is also hands down the worst at providing users with some protection against scammers.
As someone who uses Chrome a lot, this has been particularly eye-opening.
By contrast, Firefox performed far more impressively, protecting users from the bulk of phishing attacks across both operating systems.
The two native browsers, Edge (for Windows users) and Safari (for Mac users) also did a decent job at keeping the scammers at bay.
Another aspect worth highlighting here is the fact that even the best browser at picking up phishing scams did less well on Mac systems than on Windows, while Google Chrome’s performance was even less impressive on Mac than Windows.
Working together
It’s worth noting that Google has questioned the results of the investigation, pointing to the fact that both Google and Mozilla have worked together on security measures, while Firefox makes use of Google’s ‘safe browsing API’ in order to block phishing attacks.
While it may be true that these browsers make use of similar infrastructure, the results of this test suggest that some browsers are doing a better job of putting that technology to work in guarding users.
Protecting yourself
It would be wonderful to have internet browsers that are flawless when it comes to preventing us from ending up on dodgy websites, but realistically that’s asking an awful lot.
As a result, it’s important for all of us to take steps to protect ourselves from phishing scams, irrespective of our browser of choice.
From the outset, it’s important to keep a close eye on the details. Scammers often use websites where the spelling is only slightly different from the legitimate business ‒ perhaps even misspelling a vital word ‒ so that it looks genuine.
However, if you double-check those URLs, you are well placed to spot if it’s a scam attempt.
Similarly, it’s important to be on your guard about sharing any details.
Is the information you’re being asked to provide relevant for the service you’re using? Is it the sort of thing you’d normally share? If you’re even slightly sceptical, it’s a good idea to step away.
It’s also really important to think about why you are being asked to visit a specific website.
Has the request come somewhat out of the blue? Did it come from someone you trust?
Again, being a little guarded and sceptical can help protect you from falling prey to a phishing scam.