A new study by PhishLabs nearly half of the phishing sites using SSL HTTPS connection and shows padlock which indicates a means of telling it as a legitimate site.
The reason for the alarming rise is because still the internet user’s believe in the padlock “look for the lock” and believe the website is legitimate and safe.
The presence of SSL doesn’t tell you anything about site legitimacy, the SSL/TLS certificates are to encrypt the connection between the browser and the server which avoids intrusion from hackers.
In the third quarter of 2018, almost 49 percent of the phishing sites uses the SSL certificate, before one year it was 25 percentage and in the second quarter, it was 35 percent.
According to PhishLabs survey conducted last year found more than 80% of respondents believed the green lock indicated a website was either legitimate and/or safe, reported Kerbs on security.
John LaCour, chief technology officer said that, we believe this can be attributed to both the continued use of SSL certificates by phishers who register their own domain names and create certificates for them, as well as a general increase in SSL due to the Google Chrome browser now displaying ‘Not secure’ for websites that do not use SSL.”
The attackers taking advantage of internationalized domain names to introduce visual confusion and trick the user’s to believe it is a legitimate site.
Nowadays the process of getting an SSL Certificate is very simple and we also get it for free. Cybercriminals also selling the stolen SSL and code signing certificates in packages.
Certificate Transparency aims to remedy these certificate-based threats, it helps in Earlier detection, Faster mitigation, and better oversight.
There is a number of ways to analyze the Website is legitimate or not, the first and the most recommended method is to check online page scanners.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…