New Phishing Scheme Counts on False Sense of Security

Be careful where you click—that padlock icon is no guarantee of safety. 

When you’re browsing the internet these days, you may realize the majority of sites you visit have a green padlock in the left part of the address bar, meant to indicate its HTTPS status.  That status, which indicates the website is encrypted, is important for people looking to stay secure as they swim the often murky waters of the internet. 

But what happens when that symbol of security is increasingly fake?  PhishLabs has recently published research indicating that hackers and criminals are more likely to adopt HTTPS.

In fact, almost a quarter (24%) of the sites that a phishing email is trying to get you to click are encrypted.  That’s up from less than 3% last year and less than 1% two years ago, researchers say.

Why the increase?  Websites overall are increasingly being encrypted, so it would make sense that sites meant to steal user information would jump on the bandwagon. 

But the rate of HTTPS adoption on phishing sites is rising much faster than overall HTTPS adoption, analysts say.  This makes it clear that criminals are adopting HTTPS in order to make their sites seem safe to unwary victims.

Protect yourself

From now on, it’s wisest to ignore that padlock icon and instead focus on some basics:

• Never click a shopping link sent to you via email.  Type in the web address by hand.
• Be skeptical, and remember that common sense rules.  If one site offers far better prices than others, ask yourself why.
• While some bogus websites are very authentic-looking, many are not.  If a site has typos, odd phrasing, or an amateurish appearance, it’s not the actual page of a government organization, charity, or large business. 

© Good Sense Security LLC — February, 2020