Authors: Morgan Dhanraj, Thomas Skybakmoen and Luis Rojo

Publish Date: November 15, 2017

Phishing attacks gain the trust of users by masquerading as reputable entities to steal login credentials or sensitive account information. Examples of common phishing attacks include an email designed to look as though the sender is a credible organization, or one disguised to look like it comes from someone familiar and trusted inside a company, such as the IT department.

To protect against malware, leading browser vendors provide cloud-based reputation services, which scour the Internet for malicious websites and then categorize content accordingly, either by adding it to blacklists or whitelists, or by assigning it a score. A web browser requests reputation information about a specific URL, and if results indicate that the website is “bad,” the browser redirects the user to a warning message explaining that the URL is malicious. If a website is determined to be “good,” the browser takes no action and the user remains unaware that a security check was just performed.

To evaluate a browser’s effectiveness in protecting against phishing attacks, NSS’ testing focused on block rates, consistency of protection, and early protection against new threats.

The following products were evaluated:

  • Google Chrome: Version 60.0.3112.113
  • Microsoft Edge: Version 40.15063.0.0
  • Microsoft Internet Explorer: Version 11.483.15063.0
  • Mozilla Firefox: Version 55.0.3

NSS clients can also download the Web Browser Security Comparative Report on Protection Against Socially Engineered Malware (SEM). As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.