How to protect yourself from phishing attacks in Chrome and Firefox

Have you ever been sent a link that doesn't look quite right, but you click on it anyway, only to discover it was malicious? If you did click on that link, you might find yourself on a site that looks legit enough to persuade you to enter sensitive information (such as logins, credit card numbers, and more). If you fall for the trick, you could wind up dealing with a nightmare of epic proportions.

One way to avoid this problem is to enable anti-phishing features in your browser.

Also: 5 browser extension rules to live by to keep your system safe in 2025

You might be thinking, "Why not use an anti-phishing extension?" That's a good question. The answer is simple.

Not every extension can be trusted. More malicious browser extensions are discovered regularly, so don't install extensions without vetting them. But even if you've spent the time vetting an extension, there's no telling if it could be later compromised or if it will wind up blocking legitimate sites and not blocking malicious ones. 

Also: I found a malicious Chrome extension on my system - here's how and what I did next

With that in mind, your best bet is to use your browser's built-in anti-phishing features so you won't be caught unaware. 

Now that you've been reminded of the possible danger of installing third-party software, let's focus on Chrome and Firefox.

How to enable anti-phishing in Chrome

What you'll need: The only thing you'll need for this is an updated Chrome browser. I'll demonstrate this feature on the desktop version of the browser, but the process is similar on the mobile version of the app.

Once you've done this step, you can close Settings and trust that Chrome is better capable of protecting you against phishing attacks.

How to enable anti-phishing in Firefox

1. Open Firefox Settings

Open the Firefox browser and click the three-line menu button in the top-right corner. From the dropdown, click Settings.

2. Go to Privacy & Security

From within Settings, click the Privacy & Security entry in the left sidebar.

3. Locate Security and enable the feature 

Scroll down toward the bottom of the page until you see Security. You want to make sure to enable all three options in that section ("Block dangerous and deceptive content", "Block dangerous downloads", and "Warn you about unwanted and uncommon software".

4. Enable HTTPS-Only mode

Under Security, you'll see the HTTPS-Only Mode option. Click the radio button for "Only use HTTPS in all windows".

For further protection in both browsers, you could also enable Secure DNS (Chrome) and DNS over HTTPS (Firefox) to ensure all DNS queries are encrypted.

Once you've followed these steps, both Chrome and Firefox will be better capable of protecting you from phishing attacks. Do remember, however, that nothing is 100% guaranteed. Even with the extra protection, you should always be aware of what's going on. 

Also: My 5 favorite web browsers - and what each is ideal for

One of the best things you can do when you see a suspect link is copy it, paste it into a notepad, and verify if the domain is legit. 

For example, if the link is supposed to be from Captial One but the domain is something else, it could be a phishing attempt.

Be safe out there.