URL blacklists are used by the majority of modern web browsers as a means to protect users from rogue web sites, i.e. those serving malware and/or hosting phishing scams. There is a plethora of URL blacklists/reputation services, out of which Google's Safe Browsing and Microsoft's SmartScreen stand out as the two most commonly used ones. Frequently, such lists are the only safeguard web browsers implement against such threats. In this paper, we examine the level of protection that is offered by popular web browsers on iOS, Android and desktop (Windows) platforms, against a large set of phishing and malicious URL. The results reveal that most browsers - especially those for mobile devices - offer limited protection against such threats. As a result, we propose and evaluate a countermeasure, which can be used to significantly improve the level of protection offered to the users, regardless of the web browser or platform they are using.
- Mobile device
- Web browser