Half of all Phishing Sites Now Have the Padlock

ronjor · Nov 26, 2018

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”
Click to expand...

.https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/

Palancar · Nov 27, 2018

U2F connectivity is the way to go where available. No phising of U2F!

guest · Jun 21, 2019

More Than Half of Phishing Sites Now Use HTTPS
June 20, 2019
https://info.phishlabs.com/blog/more-than-half-of-phishing-sites-use-https

By the end of Q1 2019, more than half of all phishing sites have employed the use of HTTPS, now up to 58%. This is a major milestone and shows that threat actors actions often mirror that of the majority of users.
At the end of last year, our team identified that nearly half of all phishing sites were employing HTTPS or a SSL certification. Specifically, HTTPS was found on 49% by the end of Q3.

HTTPS simply means that a site is using encrypted communication when sending information between you and it. When a threat actor uses it, say for example using a fake login screen for Twitter, that site is still going to steal your login credentials, but at least it does so securely.
Click to expand...

guest · Sep 29, 2020

Why Web Browser Padlocks Shouldn’t Be Trusted
September 29, 2020
https://threatpost.com/why-web-browser-padlocks-shouldnt-be-trusted/159659/

For years Google, Firefox, Apple and Microsoft relentlessly made the point, in order to avoid rogue sites make sure your browser “padlock” is either locked, green or otherwise “secure”. Now, cybersecurity firms are stressing those padlocks are not enough.

“You must look beyond the lock,” said Dean Coclin, senior director of business development at DigiCert. “They simply can’t be trusted anymore.”
That’s because, years after all major browsers have added visual safety cues to their address bars, the majority of bad guys are also using them.

On Monday, the Anti-Phishing Working Group released a study (PDF) that tracked a large uptick in phishing attacks in Q2 of 2020. The surge links to rogue in sites using the cryptographic protocol Transport Layer Security or TLS, most commonly referred to by its legacy name Secure Sockets Layer, or SSL.
Click to expand...

Certificate Abuse Skyrockets
According to the Anti-Phishing Working Group (APWG) report, 80 percent of phishing sites used SSL certificates in Q2, according to APWG.
Attacks ranged from phishing lures pointing to bogus wire transfer sites and social media platforms Facebook and WhatsApp being pelted with links to shady domains.
Click to expand...

PhishLabs: APWG: SSL Certificates No Longer Indication of Safe Browsing

Log in or Sign up

Half of all Phishing Sites Now Have the Padlock

ronjor Global Moderator

Palancar Registered Member

guest Guest

guest Guest

Log in or Sign up

Half of all Phishing Sites Now Have the Padlock

ronjor Global Moderator

Palancar Registered Member

guest Guest

guest Guest

Useful Searches