More and More Phishing Sites Use HTTPS Certificates to Appear More Legitimate

Phishing attacks have become far more common over the past few years. Unfortunately, it appears things will not get better anytime soon, as criminals are stepping up their game once again. More specifically, it appears scammers are now using the HTTPS protocol for phishing sites in an effort to win over consumers in the process. A very disturbing development that could have widespread ramifications.

Phishing Sites With HTTPS Are Very Dangerous

Consumers have become somewhat more aware of how sites are using different protocols to store and encrypt information. The HTTPS protocol is often considered to be a tool only belonging to secure websites. Any platform using HTTPS encrypts data, which should keep the information in question safe from prying eyes. Unfortunately, it appears scammers and phishers are now using this encrypted protocol as well, which causes quite a few problems.

To be more specific, a new report indicates how quite a few phishing sites are using HTTPS encryption as well. Scammers use this tactic to make their fake website appear more legitimate. This is a clear effort to trick visitors into believing the site they are visiting is the real deal, and not a copy. In the minds of most consumers, a website using HTTPS should be trusted at all times. It is good to see the educational efforts regarding HTTPS pay off, although this also means consumers will have a difficult time distinguishing between fake and real websites when the both use HTTPS.

For most people, a site using an HTTPS connection can be trusted without question. Now that phishing sites have the same level of encryption, criminals will become more successful in their efforts to obtain information from victims. So far, Cisco Talos engineers discovered phishing sites promoting products of poor quality, offering fake technical support, and stealing banking credentials. Impersonating a popular domain and slapping an HTTPS certificate on top of it will trick the average consumer into giving up sensitive information in the end.

Anyone visiting a phishing site with an HTTPS certificate will see it as a trusted platform. The small green lock next to the address in the browser’s address bar will show up. This is quite a problematic development that will not be as easy to solve by any means. Consumers often do not check the specific details related to the certificate in question. Instead, they will trust the platform just because it has this small green lock next to the website address.

This new threat has become quite apparent across recent phishing campaigns. The scammers send out millions of emails to people all over the world in an attempt to redirect them to a phishing website. For the victims who click these links, they will see the HTTPS certificate and assume it is a legitimate service. As we mentioned in a previous article, the issuance of these HTTPS certificates is facilitated by the Let’s Encrypt initiative. Issuing certificates free of charge without further questions asked has become a treasure trove for phishers and other scammers.

For the time being, it is evident there is no clear solution in sight. Let’s Encrypt has acknowledged the problem exists, yet they are not entirely sure how they can address this abuse. It is evident consumers need to be made aware of how just seeing the green lock does not mean the website they visit can be trusted. Raising awareness of this issue means another educational campaign needs to be organized.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

Image(s): Shutterstock.com