Today we’ll have a double whammy when it comes to malware threats on Internet websites. Let’s start by mentioning that the latest in phishing schemes are now using encrypted sites to seem authentic. That’s right, what once was a method to encrypt websites and protect user data is now becoming an accessible weapon.
I’m sure you’ve seen websites with a green lock and HTTPS alongside the credentials of the website. These are especially common in places where you make payments, sign up to websites and other functions. However, it seems like Phishing scammers have caught onto this and are adding their own cheeky tactics.
On Tuesday, the phishing research and defense firm PhishLabs published new analysis showing that phishers have been adopting HTTPS more and more often on their sites. Nowadays phishing scams have encrypted website information and credentials over 24% of the time.
Some phishing sites come by HTTPS only incidentally, or as an added bonus. Phishers often hijack legitimate sites for their own uses, so the more HTTPS is deployed around the web overall, the more likely a that a phisher might compromise a site that implements it.
However, PhishLabs also found out that phishers create their own sites almost as often as they steal those of others. When this is the case, phishers often add the green padlock to their websites. This is done to deceive the users into a false sense of security, so they can give valuable information.
Crane Hassold, a threat intelligence manager at PhishLabs who worked on the research made a comment about how 75% of the phishing attempts made against PayPal and Apple users were using HTTPS sites.
Remember that phishing scams are a big threat, so always be on the lookout for the authenticity of any e-mails you open. An added bonus for security is definitely the use of multi-factor authentication and multiple, random passwords. Keep your browsing safe and remember to report these scams as soon as possible.