How Encrypted Sites Are Used To Legitimize Phishing Scams

By   ISBuzz Team
Writer , Information Security Buzz | Dec 07, 2017 01:00 pm PST

It was reported yesterday that the phishing research and defence firm PhishLabs published new analysis showing that phishers have been adopting HTTPS more and more often on their sites. When you get a phishing email or text, the sites they lead to—that try to trick you into entering credentials, personal information, and so on—implement web encryption about 24 percent of the time now, PhishLabs found. Tim Helming, Director of Product Management at DomainTools commented below.

Tim Helming, Director of Product Management at DomainTools: 

Tim Helming“While the change to encryption doesn’t have a significant impact on the operations of these phishing sites–they’re not likely to be subject to attempted man-in-the-middle attacks very often–it is a relatively easy way for them to look just a bit more legitimate. Consumers have become accustomed to looking for https, or the padlock icon, when connecting to e-commerce and other sites that handle sensitive data. This helps the phishers bypass one of the layers of scrutiny that more and more consumers apply to sites they visit.”