A Quarter of Phishing Attacks Are Now Hosted on HTTPS Domains
Posted by: Timothy Tibbetts on 12/06/2017 03:46 AM
[
Comments
]
There's been a big push for all websites to become HTTPS for security and privacy and the bad guys want in.
Anyone is security can tell you where this is going - the bad guys need to take advantage of this.
According to PhishLabs, the rate at which phishing sites are hosted on HTTPS pages is rising significantly faster than overall HTTPS adoption. You read that right; the bad guys are adopting HTTPS faster than everyone else.
In the third quarter of 2017, PhishLabs observed nearly a quarter of all phishing sites hosted on HTTPS domains, almost double the percentage they saw in the second quarter. A year ago, less than three percent of Phish were hosted on websites using SSL certificates. Two years ago, this figure was less than one percent.
The trend of phishing sites hosted on HTTPS domains
PhishLabs points out the two reasons. The first, being obvious, is more HTTPS sites means more bad HTTPS sites. The second reason is phishers are taking advantage of unclear messages when you go to an HTTP website, for example, here.
Phishers believe that the “HTTPS” designation makes a phishing site seem more legitimate to potential victims and, thus, more likely to lead to a successful outcome. And unfortunately, they’re right.
Be safe out there, and be smart.
Anyone is security can tell you where this is going - the bad guys need to take advantage of this.
According to PhishLabs, the rate at which phishing sites are hosted on HTTPS pages is rising significantly faster than overall HTTPS adoption. You read that right; the bad guys are adopting HTTPS faster than everyone else.
In the third quarter of 2017, PhishLabs observed nearly a quarter of all phishing sites hosted on HTTPS domains, almost double the percentage they saw in the second quarter. A year ago, less than three percent of Phish were hosted on websites using SSL certificates. Two years ago, this figure was less than one percent.
The trend of phishing sites hosted on HTTPS domains
PhishLabs points out the two reasons. The first, being obvious, is more HTTPS sites means more bad HTTPS sites. The second reason is phishers are taking advantage of unclear messages when you go to an HTTP website, for example, here.
Phishers believe that the “HTTPS” designation makes a phishing site seem more legitimate to potential victims and, thus, more likely to lead to a successful outcome. And unfortunately, they’re right.
Be safe out there, and be smart.
Comments
