Phishing is a form of social engineering where attackers try to get you to reveal your sensitive information through malicious links, SMS, QR codes, and more. Here’s how to protect yourself in Chrome and Firefox.
Have you ever been sent a link that doesn’t look quite right, but you click on it anyway, only to discover it was malicious? If you did click on that link, you might find yourself on a site that looks legit enough to persuade you to enter sensitive information (such as logins, credit card numbers, and more). If you fall for the trick, you could wind up dealing with a nightmare of epic proportions.
One way to avoid this problem is to enable anti-phishing features in your browser.
You might be thinking, “Why not use an anti-phishing extension?” That’s a good question. The answer is simple.
Not every extension can be trusted. More malicious browser extensions are discovered regularly, so don’t install extensions without vetting them. But even if you’ve spent the time vetting an extension, there’s no telling if it could be later compromised or if it will wind up blocking legitimate sites and not blocking malicious ones.
With that in mind, your best bet is to use your browser’s built-in anti-phishing features so you won’t be caught unaware.
Now that you’ve been reminded of the possible danger of installing third-party software, let’s focus on Chrome and Firefox.
How to enable anti-phishing in Chrome
What you’ll need: The only thing you’ll need for this is an updated Chrome browser. I’ll demonstrate this feature on the desktop version of the browser, but the process is similar on the mobile version of the app.
1. Open Chrome Settings
Open your Chrome browser and then open Settings by clicking the three-dot menu in the upper right-hand corner. From the drop-down menu, click Settings.
2. Go to “Privacy and security”
From the left sidebar, click “Privacy and security” and then click Security in the right pane.
3. Enable “Enhanced protection”
In the Security section, you’ll find three options under Safe Browsing: “Enhanced protection”, “Standard protection”, and “No protection”, You want to make sure to enable “Enhanced protection”.
4. Enable “Secure connections”
To bolster the Enhanced protection option, scroll down under “Secure connections” and click the On/Off slider for “Always use secure connections” until it’s in the On position.
When you do this, Chrome can protect you against sites that don’t use secure connections. Many phishing sites do not use secure connections because they’d have to apply for an SSL certificate, which would leave a paper trail leading toward the attacker.
Once you’ve done this step, you can close Settings and trust that Chrome is better capable of protecting you against phishing attacks.
How to enable anti-phishing in Firefox
1. Open Firefox Settings
Open the Firefox browser and click the three-line menu button in the top-right corner. From the dropdown, click Settings.
2. Go to Privacy & Security
From within Settings, click the Privacy & Security entry in the left sidebar.
3. Locate Security and enable the feature
Scroll down toward the bottom of the page until you see Security. You want to make sure to enable all three options in that section (“Block dangerous and deceptive content”, “Block dangerous downloads”, and “Warn you about unwanted and uncommon software”.
4. Enable HTTPS-Only mode
Under Security, you’ll see the HTTPS-Only Mode option. Click the radio button for “Only use HTTPS in all windows”.
For further protection in both browsers, you could also enable Secure DNS (Chrome) and DNS over HTTPS (Firefox) to ensure all DNS queries are encrypted.
Once you’ve followed these steps, both Chrome and Firefox will be better capable of protecting you from phishing attacks. Do remember, however, that nothing is 100% guaranteed. Even with the extra protection, you should always be aware of what’s going on.
One of the best things you can do when you see a suspect link is copy it, paste it into a notepad, and verify if the domain is legit.
