Google Chrome only blocking a quarter of phishing websites, researchers claim

Google’s Chrome web browser is only preventing users from visiting around a quarter of suspicious sites that are likely to be part of phishing scams, Which? has claimed.

The consumer group said a study searching the web addresses of 800 newly discovered phishing sites in a web browser saw Chrome block only 28% when used on Windows and 25% on an Apple Mac computer.

Which? said it performed the same test across a number of other web browsers, with Mozilla’s Firefox performing the best by blocking access to 85% of sites when used on Windows and 78% on Mac – the best result on both platforms.

Phishing scams are those where criminals create messages that look genuine in order to trick consumers into clicking a link to a bogus website where viruses could be installed on their device, or having them hand over personal information which can be used to gain access to financial information or online bank accounts.

In response to the findings, a Google spokesman said: “This study’s methodology and findings demand scrutiny.

“For more than 10 years, Google has helped set the anti-phishing standard – and freely provided the underlying technology – for other browsers. Google and Mozilla often partner to improve the security of the web, and Firefox relies primarily on Google’s Safe Browsing API to block phishing – but the researchers indicated that Firefox provided significantly more phishing protection than Chrome.

“It’s highly unlikely that browsers using the same technology for phishing detection would differ meaningfully in the level of protection they offer, so we remain sceptical of this report’s findings.”

Phishing scams can come in the form of emails, text messages and direct messages on social media.

To help counter such scams, the UK’s National Cyber Security Centre (NCSC) advises people to consider carefully before clicking any link they are sent, unsolicited, by an organisation. It also encourages people to look for tell-tale signs including poor spelling or grammar, or a sense of urgency in the messaging to try to encourage a rash decision.

Security experts also warn that if an offer sounds too good to be true, it often is.

“It’s incredibly alarming to see that a huge company like Google is allowing the security of its users to be exposed in this way – a gift to fraudsters who are constantly trying to use phishing attacks as a launchpad for scams that can have a devastating impact on victims,” Which? computing editor Lisa Barber said.

“If you are worried about your safety online, remaining vigilant when clicking a link, installing a top-quality free or paid antivirus package, keeping your browser up to date and signing up to our free scams alerts email will all massively increase your protection from malicious websites.”