Phishing Websites Now Have Fake HTTPS Padlock - How to Spot Them This Time
Hackers have come a long way since their first steps in the days of old. Nowadays, advancements in cyber-security have made it necessary for them to be ingenious when going about their business, and unfortunately, they have more than risen to the challenge. They are always looking for new ways to trick users, preying on users' ignorance and misconceptions. Misconceptions such as the idea that websites sporting the green padlock icon are entirely secure and legitimate.
Let's get one thing straight: the padlock next to a URL means that the data sent between a user and the site is encrypted, and therefore inaccessible to any malicious third parties. That is all it signifies.
What it most definitely does NOT signify is the legitimacy and safety of the URL sitting right next to it. Put simply, it means that third parties cannot interfere with a user's data in transit, but it does not guarantee the veracity or legitimacy of the "second party", namely the website itself. There is even a specific FBI warning on the subject. Yet a survey done by IT security specialists found that more than 80% of respondents knew that the green padlock had something to do with increased security and thought it signified some sort of certification that a website is safe, legitimate and fraud-free.
This is a fatal notion that needs to be thoroughly dispelled in the minds of all users, as it is absolutely fictitious and actively harmful to them. They need to be aware that while the green padlock signifies security, it is wholly meaningless unless it appears next to a web address they absolutely trust.
Research by IT security specialists indicates that nearly half of all phishing sites at the end of 2018 had the padlock security icon next to their web address, a number that grew incrementally in the quarters before the original survey as well as after it was published. To put it simply, more and more cybercriminals have become aware that people associate the green padlock with security and seek to exploit this psychological loophole to con uneducated users.
What Should Be Done About It?
There are a few things that should be done with regard to the problem that IT security experts have dubbed "HTTPS Phishing." As mentioned above, the main reason these phishing attempts have any effect at all is ignorance. This being the case, it stands to reason that knowledge is the best antidote for the situation.
Users, whether private persons or corporate employees, need to be made aware of what the icon actually means. They need to be educated on what protections it does and does not signify. Further, they need to be educated on what phishing is and learn some simple tricks to avoid falling prey to cyber-criminals relying on this particular method of conning people.
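The Python check below is an added example, not part of the original article. It treats "is the connection encrypted?" and "is this an address I trust?" as two separate questions, which is the distinction users need to learn. The trusted list, the 0.85 similarity threshold and every hostname are constructed assumptions that use reserved test domains.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the addresses this user actually trusts (constructed, reserved TLDs).
TRUSTED_HOSTS = {"bank.example", "mail.example"}
SIMILARITY_THRESHOLD = 0.85  # assumption: tune against your own domain list


def assess(url, trusted=TRUSTED_HOSTS):
    """Return (encrypted, verdict). The two answers are independent of each other."""
    parts = urlsplit(url)
    encrypted = parts.scheme == "https"  # this is everything the padlock tells you
    host = (parts.hostname or "").rstrip(".").lower()

    # Exact match, or a genuine subdomain of a trusted host.
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return encrypted, "trusted"

    # Punycode labels render as Unicode that can imitate Latin letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return encrypted, "suspicious"

    for t in trusted:
        # Trusted name used as a prefix of someone else's domain.
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return encrypted, "suspicious"
        # Near-miss spelling of a trusted name.
        if SequenceMatcher(None, host, t).ratio() >= SIMILARITY_THRESHOLD:
            return encrypted, "suspicious"

    return encrypted, "unknown"


if __name__ == "__main__":
    samples = [  # constructed URLs
        "https://www.bank.example/login",
        "http://bank.example/",
        "https://bank.example.login.test/signin",
        "https://bannk.example/",
        "https://news.test/",
    ]
    for url in samples:
        encrypted, verdict = assess(url)
        print(f"{url:45} padlock={encrypted!s:5} address={verdict}")
```

A padlock on the third and fourth samples is real, yet the address verdict is what should decide whether credentials get typed in.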