PhishLabs: 49 percent of all phishing sites use HTTPS

In online shopping guides, it was often recommended that users access e-commerce sites with “security locks” (Chrome 68 starts to mark all HTTP web pages are not secure by default), which can be greatly protected from phishing attacks or malware traps. However, unfortunately, the meaning of this recommendation is not great. The latest research shows that half of the phishing scams are now hosted on pages marked with a security lock at the beginning of “https://”.

According to the latest data from anti-phishing company PhishLabs, 49% of phishing sites in the third quarter of 2018 display a “security lock” icon on the browser address bar. In the same period last year, it accounted for 25%, and in the second quarter of 2018, it accounted for 35%. The growth of this set of numbers is worrying, as PhishLabs found in last year’s survey that more than 80% of respondents believe that websites with “security locks” are often legal and secure.

In fact, the URL enables https:// (also known as Secure Sockets Layer, SSL), which simply means that the data you are transferring back and forth to the URL and that the website is encrypted and cannot be read by a third party. Displaying a “security lock” does not mean that the site is legitimate, nor is it evidence that the site has been security hardened to prevent hacking.

John LaCour, chief technology officer of the company, said, “PhishLabs believes that this can be attributed to both the continued use of SSL certificates by phishers who register their own domain names and create certificates for them, as well as a general increase in SSL due to the Google Chrome browser now displaying ‘Not secure’ for websites that do not use SSL. The bottom line is that the presence or lack of SSL doesn’t tell you anything about a site’s legitimacy.”

Via: krebsonsecurity