Saturday, October 12, 2024
HomeComputer SecurityHalf of the Phishing Sites Trick Users by Displaying the HTTPS Green...

Half of the Phishing Sites Trick Users by Displaying the HTTPS Green Padlock

Published on

Malware protection

A new study by PhishLabs nearly half of the phishing sites using SSL HTTPS connection and shows padlock which indicates a means of telling it as a legitimate site.

The reason for the alarming rise is because still the internet user’s believe in the padlock “look for the lock” and believe the website is legitimate and safe.

The presence of SSL doesn’t tell you anything about site legitimacy, the SSL/TLS certificates are to encrypt the connection between the browser and the server which avoids intrusion from hackers.

- Advertisement - SIEM as a Service

In the third quarter of 2018, almost 49 percent of the phishing sites uses the SSL certificate, before one year it was 25 percentage and in the second quarter, it was 35 percent.

According to PhishLabs survey conducted last year found more than 80% of respondents believed the green lock indicated a website was either legitimate and/or safe, reported Kerbs on security.

John LaCour, chief technology officer said that, we believe this can be attributed to both the continued use of SSL certificates by phishers who register their own domain names and create certificates for them, as well as a general increase in SSL due to the Google Chrome browser now displaying ‘Not secure’ for websites that do not use SSL.”

The attackers taking advantage of internationalized domain names to introduce visual confusion and trick the user’s to believe it is a legitimate site.

Image Credits: SANS

Nowadays the process of getting an SSL Certificate is very simple and we also get it for free. Cybercriminals also selling the stolen SSL and code signing certificates in packages.

Certificate Transparency aims to remedy these certificate-based threats, it helps in Earlier detection, Faster mitigation, and better oversight.

There is a number of ways to analyze the Website is legitimate or not, the first and the most recommended method is to check online page scanners.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

North Korean Hackers Attempted To Steal Sensitive Military Data

Diehl Defence anti-aircraft missiles from Baden-Württemberg are successfully intercepting Russian attacks on Kyiv, according...

Hackers Abuse HTML Smuggling Technique To Deliver Sophisticated Phishing Page

Phishing attackers employed an HTML smuggling technique to deliver a malicious payload, as the...

Beware Of Fake Verify You Are A Human Request That Delivers Malware

Researchers observed two distinct instances where users were inadvertently led to malicious websites after...