Cybersecurity

Three Reasons Why the Browser is Best for Stopping Phishing Attacks

Leon SCOTT

27 Apr 2025 • 2 min read

The following post appears to be a solution push, but it has some interesting ideas that I think are worth sharing.

Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before

With MFA-bypassing phishing kits the new normal, capable of phishing accounts protected by SMS, OTP, and push-based methods, detection controls are being put under constant pressure as prevention controls fall short

The majority of phishing detection and control enforcement is focused on the email and network layer — typically at the Secure Email Gateway (SEG), Secure Web Gateway (SWG)/proxy, or both.

Most phishing attacks involve the delivery of a malicious link to a user. The user clicks the link and loads a malicious page. In the vast majority of cases, the malicious page is a login portal for a specific website, where the goal for the attacker is to steal the victim's account

But in the browser, you can observe the rendered web page in all its glory. With much deeper visibility of the page (and its malicious elements) you can…

From here we get a list of things that could be built into the browser. Interesting stuff - also part of the product push. My question - why isn't this built in by default. Most browsers have built in protections some enabled by default - others are not. As per usual it's a constant battle.

Anyhow - interesting reading.

If you are interested on how to protect yourself a little better, there are guides here.

https://www.cyber.gov.au/learn-basics

#enoughsaid