Google’s Chrome web browser is only preventing users from visiting around a quarter of suspicious sites that are likely part of phishing scams, according to researchers in the UK.
The British consumer group Which said a study searching the web addresses of 800 newly discovered phishing sites in a web browser saw Google’s Chrome block only 28% when used on Windows and 25% on an Apple Mac computer.
Which said it performed the same test across a number of other web browsers, with Mozilla’s Firefox browser performing the best by blocking access to 85% of sites when used on Windows and 78% on Mac – the best result on both platforms.
Phishing scams are those where criminals create messages that look genuine in order to trick consumers into clicking a link to a bogus website where viruses could be installed on their device, or having them hand over personal information which can be used to gain access to financial information or online bank accounts.
In response to the findings, a Google spokesperson said it was “difficult to comment” because it had “very little context on the methodology of this report” and that until it saw the full report the company said it questions the “validity of the findings”.
“Like many other popular browsers, Chrome uses Google’s Safe Browsing API to protect users from phishing and malware,” the spokesperson said.
“In addition to standard Safe Browsing protection, Chrome offers anti-phishing features such as Predictive Phishing Protection and Enhanced Safe Browsing.”
Phishing scams can come in the form of emails, text messages and direct messages on social media. To help counter such scams, the UK’s National Cyber Security Centre (NCSC) advises people to consider carefully before clicking any link they are sent, unsolicited, by an organisation.
It also encourages people to look for tell-tale signs including poor spelling or grammar, or a sense of urgency in the messaging to try to encourage a rash decision. Security experts also warn that if an offer sounds too good to be true, it often is.
“It’s incredibly alarming to see that a huge company like Google is allowing the security of its users to be exposed in this way – a gift to fraudsters who are constantly trying to use phishing attacks as a launchpad for scams that can have a devastating impact on victims,” Which computing editor Lisa Barber said.
“If you are worried about your safety online, remaining vigilant when clicking a link, installing a top-quality free or paid antivirus package, keeping your browser up to date and signing up to our free scams alerts email will all massively increase your protection from malicious websites.” – dpa