Google Chrome worst browser for preventing phishing attacks in Which? tests
The most popular computer web browser put in the poorest performance when blocking phishing attempts in our tests.
Google’s Chrome has come bottom of a Which? test designed to find out the best browser for blocking phishing attacks. Phishing websites are designed to trick you into entering data, such as payment details, passwords or other personal information. This data can then be used by scammers to gain access to your online accounts or steal money.
Top in our test was the Firefox browser made by the not-for-profit Mozilla Foundation. It shows that, despite its small browser market share, this David can truly take on the web's Goliath when it comes to phishing protection.
Keep reading to find out more about how all the browsers, for both Windows and Mac, fared in our tests, what these results mean to you and how you can protect yourself from phishing attacks.
Want to make sure your computer is protected? Install the best free or paid-for antivirus software, as revealed by our independent lab tests.
Best and worst browsers for phishing detection
Here we show you which browsers performed best in our independent tests, depending on which operating system they were installed on. The percentage score is the proportion of phishing sites the browser prevented the user from reaching.
Windows
- 85% Mozilla Firefox
- 82% Microsoft Edge
- 56% Opera
- 28% Google Chrome
Mac
- 78% Mozilla Firefox
- 77% Apple Safari
- 56% Opera
- 25% Google Chrome
Google Chrome is used by 67.3% of computer users online, according to web analytics company Statcounter, making it by far the most popular web browser. Therefore its performance in our phishing test might come as a surprise.
Our top-scorer, Firefox, doesn’t have a huge user base (just 7.5%). However, it is slightly ahead of the Microsoft Windows default browser Edge, and the Apple macOS default browser Safari. Plus it's some distance ahead of Opera and miles ahead of Chrome.
Tech tips you can trust – get our free Tech newsletter for advice, news, deals and stuff the manuals don't tell you
How our Which? phishing test works
Phishing sites don’t tend to last very long. Once they have been detected by security companies and web browsers, they are immediately blocked and are therefore no longer of use to the scammers. This normally happens in a matter of hours.
As such, our test involves checking 800 newly discovered sites very shortly after they are first discovered. A web browser staying on top of the very latest phishing sites is great. But even better is one detecting a phishing attempt by itself, without needing to access a database of known phishing sites – this means even a new phishing site will still be blocked.
We also checked to see whether the best performing browsers were simply overly aggressive with blocking sites, throwing up ‘false positives' that make browsing the web more annoying to use.
We shared this testing information with Google.
What Google said
When we asked Google to respond to our research, a spokesperson said that they disputed our findings and methodology.
"For more than 10 years, Google has helped set the anti-phishing standard — and freely provided the underlying technology — for other browsers," they said.
"Google and Mozilla often partner to improve the security of the web, and Firefox relies primarily on Google's Safe Browsing API to block phishing – but the researchers indicated that Firefox provided significantly more phishing protection than Chrome.
"It’s highly unlikely that browsers using the same technology for phishing detection would differ meaningfully in the level of protection they offer, so we remain sceptical of this report’s findings.”
What the results mean to you
While Google Chrome came bottom in our test, that doesn’t mean you’ll necessarily end up on a phishing site if you click a dodgy link through Chrome. Our test, for example, doesn’t differentiate between widely shared phishing sites and those that never received a single visitor (aside from our test computers).
It also doesn’t take into account how people actually find phishing links. They’re often shared via email and messaging platforms, many of which have their own phishing detection systems, so you have an added layer of protection there as well.
However, it does show that choosing a different web browser does make a difference when it comes to the last line of defence against phishing.
How you can stay safe from phishing attacks
Our tests of the best antivirus software focus not just on malware but also phishing protection. We’ve found that even free anti-phishing tools can massively increase your protection from malicious websites and are well worth installing if you’re worried.
Which? also has a wealth of tips on staying safe from scams, including our free Scam Alerts email. Our guide on how to spot a fraudulent or scam website is full of useful tips on how to avoid getting caught out.
Our top three phishing tips
Some basic diligence you should always do when clicking on a new link shared with you includes:
- Double-check the domain name (the bit in the address bar, such as www.which.co.uk). Is it actually the website you thought you were going to, or is it a misspelling or something completely different?
- Is the information being asked for relevant and do you normally give this information? Is a website asking for extra payment or login details that you don’t normally provide?
- Were you expecting to receive the link? Did the link come from someone you rarely speak to, or in a way that is out of character?
If you spot any of these three things, it could be a scam or a phishing link.
Sign up for Which? Tech Support
- One-to-one support from our friendly Tech Support team, ready to respond to unlimited member queries
- Receive the UK's largest computing and technology title, published six times a year
- Easy, jargon-free advice so you can make the most of your tech products.
You can sign up online to Which? Tech Support, or contact our helpful customer service team today on 029 2267 0000.
