There's been a big push for all websites to become HTTPS for security and privacy and the bad guys want in.

We've been working on completing that here on MajorGeeks. However, we don't have your information, or credit cards and are only doing so because Chrome, Firefox, and others now warn people if a site isn't secure. They just don't tell you when it's irrelevant. In the past year, Firefox reports that 65% of websites now use HTTPS, up from 45%.

Anyone is security can tell you where this is going - the bad guys need to take advantage of this.

According to PhishLabs, the rate at which phishing sites are hosted on HTTPS pages is rising significantly faster than overall HTTPS adoption. You read that right; the bad guys are adopting HTTPS faster than everyone else.

In the third quarter of 2017, PhishLabs observed nearly a quarter of all phishing sites hosted on HTTPS domains, almost double the percentage they saw in the second quarter. A year ago, less than three percent of Phish were hosted on websites using SSL certificates. Two years ago, this figure was less than one percent.


The trend of phishing sites hosted on HTTPS domains

PhishLabs points out the two reasons. The first, being obvious, is more HTTPS sites means more bad HTTPS sites. The second reason is phishers are taking advantage of unclear messages when you go to an HTTP website, for example, here.

Phishers believe that the “HTTPS” designation makes a phishing site seem more legitimate to potential victims and, thus, more likely to lead to a successful outcome. And unfortunately, they’re right.

Be safe out there, and be smart.