According to a recent survey, nearly twenty five percent of phishing sites used HTTPS domains in the 3rd quarter of 2017. This represents an almost doubling over the previous quarter, according to a study conducted by the reputable PhishLabs.
HTTPS domains, which display internet addresses as “https://” as opposed to “http://” and include a green lock icon, were once a reliable sign that a website was legit.
Although most websites with an HTTPS domain were/are secure, to say that this is what made a site legitimate is specious reasoning however: the green lock is not a guarantor of security at all.
This is a misunderstanding about HTTPS, however, with PhishLabs poll finding that more than eighty percent of pollsters mistakenly believed the green lock symbol meant a website was secure.
The green lock indicates that the communication between your internet browser and the World Wide Web site in question is encrypted – but it does little to guarantee that you really are communicating with the site you believe you are visiting on the web.
Gaining SSL certificates is just another way phishers are manipulating people into thinking their sites are secure.
The best advice we at CBNN can give you is to trust absolutely nothing from an unsolicited email: links can – and will be – manipulated. Point in case: The “from” field in the email can be forged, attachment(s) can contain malware (even word or pdf docs), and legitimate sounding information in an email could have been stolen.
Protip: If the email is unsolicited be very suspicious. Do not click anything in the email. Instead, go to the site directly that the email is claiming to be from manually and log in.
The extra effort it takes to log in manually is inconsequential, and getting into this habit will help you bypass even the most advanced of phishing tricks to known to man.