DuckDuckGo has expanded the capabilities of its built-in Scam Blocker, adding new protections against increasingly common online threats such as fraudulent crypto exchanges, fake storefronts, and scareware pop-ups.
The privacy-focused browser now blocks a broader range of scams without sending user data to third parties, preserving its zero-tracking model.
The update builds on DuckDuckGo's original Scam Blocker, which already guards against phishing attempts, malware distribution sites, and malvertising. The company designed Scam Blocker in-house using threat intelligence from Netcraft, an independent cybersecurity firm known for tracking and identifying fraudulent websites in real-time. This ensures that Scam Blocker operates independently of Google's Safe Browsing system, which most mainstream browsers rely on, and which involves sending user data to Google.
DuckDuckGo, best known for its private search engine and browser suite, has carved out a niche among users seeking strong privacy protections. Its desktop and mobile browsers are geared toward limiting tracking, with features like automatic tracker blocking, cookie management, and now, a more robust scam detection system. Privacy Pro subscribers with access to DuckDuckGo's paid VPN service benefit from system-wide Scam Blocker protections, including when browsing in other apps and browsers.
The browser's updated Scam Blocker now detects and blocks:
- Fraudulent investment and cryptocurrency sites, including fake trading platforms and “get-rich-quick” schemes.
- Sham e-commerce and affiliate survey sites, offering fake products, discounts, or high-paying surveys as bait.
- Scareware pages, which falsely claim a device is infected with viruses and prompt users to download fake antivirus software or call fake tech support.
- Phishing and malware sites, which attempt to extract login credentials or deliver malicious payloads.
- Malvertising, where seemingly legitimate ads are used to deploy malware or redirect users to scam domains.
Unlike Google Safe Browsing, which checks URLs in real-time by sending them to Google's servers, DuckDuckGo's Scam Blocker maintains user privacy by downloading a refreshed list of malicious sites to the browser every 20 minutes. The browser checks URLs locally against this list, and only in rare cases (less than 0.1% of the time) does it perform a verification check with DuckDuckGo servers. Even then, the process is anonymized using cryptographic methods to ensure no browsing data is exposed.
When a user navigates to a flagged website, Scam Blocker intercepts the connection and displays a warning message, giving the option to return to safety or proceed at their own risk. This on-by-default feature requires no account setup or login and doesn't share any user data with outside parties.
DuckDuckGo
According to the U.S. Federal Trade Commission, consumers lost a staggering $12.5 billion to fraud in 2024, with online shopping, investment scams, and deceptive internet services among the top categories. DuckDuckGo's latest update is a response to this growing threat landscape, aiming to neutralize scam attempts before users are even exposed to them. Still, the best defense for users remains good browsing habits, such as avoiding clicks on unsolicited offers and being skeptical of “too good to be true” investment return promises.
Hi Alex, could you review VPN products from browser companies like DuckDuckGo, Brave, Firefox etc.? Thank you
Hi August, yes, we could do this later in the year. Thanks for the feedback.