Not only legitimate websites use https more and more, phishing sites also have more and more access to a secure connection. There is even a strong increase in the number of https phishing sites, according to security company PhishLabs . In the third quarter of this year almost 25 percent of the observed phishing sites had a https connection.
A quarter earlier was still about 12 percent, while a year ago less than 3 percent of the phishing sites had a ssl certificate. According to the security company, there are two reasons why there is an increase in https usage among phishing sites. The first reason is that phishing sites are regularly offered via hacked, legitimate websites. When a legitimate website with a ssl certificate is hacked, the phishing page that is offered via the website will also have a secure connection.
The second reason according to PhishLabs is that criminals register domains for their phishing site and then enable https themselves. This then happens via certificate authorities that offer free ssl certificates, such as Let's Encrypt and Comodo. In this way, the phishing site looks more legitimate, says Crane Hassold of PhishLabs. Chrome automatically displays the "Safe" message at https sites. This refers to the secure connection, but end users think the website they are visiting is safe, Hassold notes.
"The misunderstanding about the meaning of https among the general public and the confusing appointment of https websites in browsers are the main reasons why it is a popular preference of phishers in hosting phishing sites," Hassold continues. "Combined with the rapid growth of https among website owners, we expect the number of https phishing sites to grow further."
No comments:
Post a Comment