Most people rely on instinct to spot a scam website — bad grammar, a weird domain name, an offer that feels too good to be true. But your browser and device already have built-in tools designed to catch threats before you even notice them. Turning on the right settings takes only a few minutes and quietly protects you every time you go online, even on the days you're distracted or in a hurry.

Turn on your browser's built-in safety warnings

Every major browser has a feature that checks websites against known lists of scams, phishing pages, and malware before it loads them fully. This is usually the single biggest protection you can have, because it works automatically in the background.

  • Look in your browser's privacy or security settings for an option often called "Safe Browsing," "Enhanced Protection," or "Smart Screen."
  • Choose the strongest available level if there's a choice — the extra checks are worth the tiny delay they might add.
  • Never dismiss the red or orange warning screens that appear when a site is flagged. If a page you trust triggers one repeatedly, treat that as a signal something may be wrong with the site itself, not just a false alarm.

Keep your browser and operating system updated

Scam and malware sites often exploit outdated software to run malicious code without you clicking anything. Updates regularly patch exactly these weaknesses.

  • Set your browser to update automatically rather than checking manually.
  • Do the same for your operating system, whether on a computer or phone.
  • Restart your device occasionally — many updates only fully apply after a restart, and postponing this repeatedly leaves gaps open.

Control what websites are allowed to do

Modern browsers let you decide, site by site, whether pages can show pop-ups, send notifications, use your camera or location, or install extensions. Scam sites often abuse these permissions to trick or track people.

  • Block pop-ups by default; almost no legitimate site needs them, and most fake "you've won a prize" or "your device is infected" messages arrive this way.
  • Turn off automatic notification requests, or set your browser to ask each time rather than allow instantly. A flood of browser notifications from a site you don't remember visiting is a common scam-recovery headache.
  • Review site permissions occasionally and revoke access for anything you don't recognize or no longer use.

Be deliberate about browser extensions

Extensions can be useful, but they also have deep access to what you see and type online. A malicious or poorly maintained extension can quietly redirect you to scam pages or insert fake ads into real websites.

  • Only install extensions from your browser's official store, and check reviews and update history before adding one.
  • Remove extensions you no longer actively use.
  • Periodically look through your installed extensions list — it's easy to forget what's there, and old ones can become a security risk if abandoned by their developers.

Use DNS and network-level protections

Some protection can happen even before a page loads, at the network level. Certain DNS services and browser settings can block known malicious domains automatically.

  • Check whether your browser or router offers a secure DNS option, sometimes labeled "Secure DNS" or similar, and enable it if available.
  • On public Wi-Fi, consider using your phone's mobile data or a trusted network instead, since public networks make it easier for traffic to be intercepted or redirected.

Set up device-level protection

Browser settings work best alongside basic device hygiene.

  • Keep a lock screen (PIN, password, or biometric) active on phones and computers, so a lost or stolen device doesn't give someone else access to your saved logins.
  • Use your device's built-in security or antivirus features, and keep them turned on rather than disabling them for convenience.
  • Back up important files regularly, so that if a malicious site ever does cause damage, you're not starting from zero.

A quick settings checklist

  • Safe Browsing / Enhanced Protection turned on
  • Browser and operating system set to auto-update
  • Pop-ups blocked by default
  • Site notification and permission requests reviewed regularly
  • Only trusted, actively maintained extensions installed
  • Secure DNS enabled where available
  • Device lock screen and backups active

None of these settings require technical expertise, and most take only a moment to check. Together they form a quiet, consistent layer of defense that catches many scam and malicious sites automatically — long before you'd have to rely on spotting the warning signs yourself.