Have you ever been sent a link that doesn’t look quite right, but you click on it anyway, only to discover it was malicious? If you did click on that link, you might find yourself on a site that looks legit enough to persuade you to enter sensitive information (such as logins, credit card numbers, and more). If you fall for the trick, you could wind up dealing with a nightmare of epic proportions.
One way to avoid this problem is to enable anti-phishing features in your browser.
Also: 5 browser extension rules to live by to keep your system safe in 2025
You might be thinking, “Why not use an anti-phishing extension?” That’s a good question. The answer is simple.
Not every extension can be trusted. More malicious browser extensions are discovered regularly, so don’t install extensions without vetting them. But even if you’ve spent the time vetting an extension, there’s no telling if it could be later compromised or if it will wind up blocking legitimate sites and not blocking malicious ones.
Also: I found a malicious Chrome extension on my system – here’s how and what I did next
With that in mind, your best bet is to use your browser’s built-in anti-phishing features so you won’t be caught unaware.
Now that you’ve been reminded of the possible danger of installing third-party software, let’s focus on Chrome and Firefox.
How to enable anti-phishing in Chrome
What you’ll need: The only thing you’ll need for this is an updated Chrome browser. I’ll demonstrate this feature on the desktop version of the browser, but the process is similar on the mobile version of the app.
Open your Chrome browser and then open Settings by clicking the three-dot menu in the upper right-hand corner. From the drop-down menu, click Settings.
From the left sidebar, click “Privacy and security” and then click Security in the right pane.
In the Security section, you’ll find three options under Safe Browsing: “Enhanced protection”, “Standard protection”, and “No protection”, You want to make sure to enable “Enhanced protection”.
“Enhanced protection” might be enabled by default.
Screenshot by Jack Wallen/ZDNET
To bolster the Enhanced protection option, scroll down under “Secure connections” and click the On/Off slider for “Always use secure connections” until it’s in the On position.
Also: The best secure browsers for privacy
When you do this, Chrome can protect you against sites that don’t use secure connections. Many phishing sites do not use secure connections because they’d have to apply for an SSL certificate, which would leave a paper trail leading toward the attacker.
Enabling this feature will prevent HTTP sites from loading (if there’s no HTTPS equivalent).
Screenshot by Jack Wallen/ZDNET
Once you’ve done this step, you can close Settings and trust that Chrome is better capable of protecting you against phishing attacks.
How to enable anti-phishing in Firefox
1. Open Firefox Settings
Open the Firefox browser and click the three-line menu button in the top-right corner. From the dropdown, click Settings.
2. Go to Privacy & Security
From within Settings, click the Privacy & Security entry in the left sidebar.
3. Locate Security and enable the feature
Scroll down toward the bottom of the page until you see Security. You want to make sure to enable all three options in that section (“Block dangerous and deceptive content”, “Block dangerous downloads”, and “Warn you about unwanted and uncommon software”.
Make sure to enable all three options here.
Screenshot by Jack Wallen/ZDNET
4. Enable HTTPS-Only mode
Under Security, you’ll see the HTTPS-Only Mode option. Click the radio button for “Only use HTTPS in all windows”.
I always enable this feature in Firefox and Firefox-based browsers.
Screenshot by Jack Wallen/ZDNET
For further protection in both browsers, you could also enable Secure DNS (Chrome) and DNS over HTTPS (Firefox) to ensure all DNS queries are encrypted.
Once you’ve followed these steps, both Chrome and Firefox will be better capable of protecting you from phishing attacks. Do remember, however, that nothing is 100% guaranteed. Even with the extra protection, you should always be aware of what’s going on.
Also: My 5 favorite web browsers – and what each is ideal for
One of the best things you can do when you see a suspect link is copy it, paste it into a notepad, and verify if the domain is legit.
For example, if the link is supposed to be from Captial One but the domain is something else, it could be a phishing attempt.
Be safe out there.