Browser blocking of phishing sites – does the browser provide a phishing solution?
iZOOlogic threat detection and analysis engines are sifting through vast amounts of phishing intelligence and malicious data – sourcing literally thousands of new phishing sites each day. All day and every day.
iZOOlogic provides a swift response to those phishing sites that are targeting our client base, mostly banking and finance brands across the world. iZOOlogic Incident Response shuts down these phishing sites to protect our clients' end-user communities. What else do we do to provide further protection? We send the phishing URLs to other security vendors and ISPs to populate their threat databases, in the hope that such phishing sites are blocked at internet and network gateways.
iZOOlogic also sends notifications of phishing activity to the web browser vendors to enable browser blocking.
How effective is browser blocking against phishing sites?
The question is: how effective is the browser at blocking phishing? Let us look into the merits of blocking phishing sites at the browser level.
This is an important question, because for many smaller businesses and their consumers this may be the only source of phishing protection.
Our analysis showed that more than 76% of phishing sites were never blocked by the browser. This metric is based on the time from our detection of a client phishing site to when we managed to shut the phishing site down. In more than 92% of phishing incidents the browser showed no notification for the phishing URL at the time the phishing site was detected. We tested this across a group of common browsers running on Windows 10, notably MS Edge, Firefox, Chrome and Opera. We realize that such sample sets and methodologies have obvious limitations, but even our crude research shows significant findings.
This simple data set clearly demonstrates that a business cannot rely on the browser to protect the end user from phishing. Considering that not all users will have an updated browser version, and that some may have notifications turned off or may ignore warnings, the user is likely to be the victim of phishing without a robust anti-phishing detection and response service running silently in the background.