Microsoft Windows Defender Fights Phishing on Google Chrome Browser

Post a Fraud Alert:

Microsoft is bringing the technology it uses to keep Edge users safe to a rival browser.

Available now in the Chrome Web Store, the new Windows Defender Browser Protection extension for Google Chrome monitors web pages to help users avoid phishing schemes and socially-engineered attempts to lure them to malware-tainted sites. The product borrows its name from Windows Defender, the anti-malware software that is included with Windows desktop operating systems.

“If you click a malicious link in an email or navigate to a site designed to trick you into disclosing financial, personal or other sensitive information, or a website that hosts malware, Windows Defender Browser Protection will check it against a constantly updated list of malicious URLs known to Microsoft,” states the extension’s product description. Should a user click on a link that appears on that list, the extension will show a red warning screen with a button that leads back to safety.

It’s a straightforward tool that helps users avoid learning a harsh lesson in misspelling URLs or clicking on seemingly safe links sent by attackers posing as friends, colleagues or other trusted contacts.

Of course, Google Chrome also warns users about unsafe websites, but Microsoft is claiming it has the upper hand when it comes to blocking phishing attempts. Citing data from cyber-security testing and research firm NSS Labs, the software giant asserted that its Edge browser is 99 percent effective at blocking phishing attacks compared to Chrome at 87 percent and Firefox at 70 percent.

Any technology that stops phishing in its tracks is likely to receive a warm welcome by the cyber-security community. Verizon’s 2018 Data Breach Investigations Report revealed that ransomware is not slowing down, accounting for 39-percent of security incidents that Verizon analyzed for the study.

Phishing is ransomware’s partner in crime.

“Ransomware is easy to exploit; you just have to get someone to run an attachment. We know from our phishing data that in any campaign an average of four percent of people will click an attachment,” Gabe Bassett, senior information security data scientist at Verizon Enterprise Solutions, recently told eWEEK’s Sean Michael Kerner. Phishing is also used by attackers to infect PCs with crypto-jacking malware.

In a crypto-jacking attack, unauthorized mining software is loaded onto a system, using its CPU to generate cryptocurrency. While attackers collect their spoils, victims suffer from degraded system performance and higher energy bills.

Besides phishing, attackers also rely on malicious websites and browser extensions to illicitly mine crypto-currency. To address this threat, Google announced on April 2 that it was banning extensions with crypto-mining features from the Chrome Web Store effective immediately.

Google came to the decision after discovering that attackers snuck crypto-mining code in extensions that purportedly served other purposes, subjecting affected devices to resource-intensive mining operations without user consent. One such extension was Archive Reader, which was installed by 105,000 users and mined Monero cryptocurrency before Google pulled it from the Chrome Web Store.