There are two options basically to protect computer systems (and thus users) from phishing attacks.
The first type refers to protections in programs like email clients or instant messaging services that are commonly used to spread phishing links while the second to methods that block the web browser from opening those links (when they have already been clicked on). The second type comes in form of antivirus solutions running on the system or web browser security.
The phishing protection - Mozilla calls it web forgery protection - of the Firefox web browser belongs to the second method as it blocks known attack pages in the browser by default.
Firefox displays a warning whenever you attempt to open a website that is a reported phishing website. Updated phishing and malware lists are automatically downloaded every 30 minutes if the web forgery protection is enabled in the web browser.
The following screen is displayed if a website is opened that is on that list of phishing and malware websites.
You still have the option to ignore the warning and proceed but this is generally recommended to stop at this point and close the tab.
It happened in the past that legitimate sites were flagged as web forgeries even though they were not and this seems to be a legitimate reason to ignore the warning and proceed.
There is however one nagging questions that some Firefox users may have. How can they be sure that the phishing protection is working in the web browser?
Mozilla has created a specifically prepared website that will trigger the phishing protection. Users who open the It's a trap website by Mozilla will see the web forgery warning if the phishing protection is enabled and working in the web browser. Everyone else will simply see the test website.
Firefox users who do not see the warning page should go into the Tools > Options > Security in the Firefox options and ensure that the entries Block reported attack sites and Block reported web forgeries are checked.
This may be useful if another program provides phishing protection already.
The phishing test website will not work with other browsers even if they offer phishing protection as well.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.