Phishing turning to HTTPS for Legitimacy

A New Way for Phishing

Over the past year, phishing sites have increasingly been using HTTPS. As HTTPS becomes more popular in general, this is not entirely a surprise, but the increase is more than expected. Further, HTTPS is not necessary for a phishing site to function. Now, towards the end of 2017, a quarter of all phishing sites use HTTPS, compared to under three percent a year ago.

Adding Legitimacy

So why is this even important? You know you're on an HTTPS site because of the green lock in the search bar and the word "Secure". Unfortunately, this is what causes the confusion: many people incorrectly assume that it means the website is safe and trusted. That is not what it actually means. HTTPS means that the communication between your browser and the website is secured through encryption, not that the website is necessarily safe. Phishers use this confusion to give their sites the appearance of more legitimacy. Make sure you trust any website that you visit, HTTP or HTTPS. The presence of the word "Secure" does not equate to safe.

Post by chromite