Phishing Sites are now Even More Tricky!
Half of all Phishing Sites Now Have the Padlock
If you’ve used your phone or computer for internet banking or online shopping, you’ve probably noticed the “secure” icon in the upper left-hand corner by the URL. This padlock lets the user know that the site has “secure socket” encryption.
Secure encryption means that the communication between you and the website server is encrypted. This is great if you frequent public WiFi spots. Let’s say you’re grabbing Starbucks and want to check your bank balance. Having that secure sign means that strangers around you would have a really difficult time “sniffing” the signal next to you and finding out your bank balance. What it doesn’t mean however is that the website you are on is a good one.
Bad websites can also have the padlock appear next to the URL. In fact, just this summer Google announced that every website must have the padlock in order to be searchable via their engine. So, most websites, bad and good, are now opting for the secure socket.
I researched it and it only costs a web host about 79 bucks a month. So, phishing sites now are savvy enough to have the secure socket connection. Remember, they want to be searchable on google’s engines as much as any other company.
Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar.That’s up from 25 percent just one year ago, and from 35 percent in the second quarter of 2018. This alarming shift is notable because a majority of Internet users have taken the age-old “look for the lock” advice to heart, and still associate the lock icon with legitimate sites.
For people that are not tech savvy it may be temping to trust a website just by seeing the secure lock.
A PhishLabs survey conducted last year found more than 80% of respondents believed the green lock indicated a website was either legitimate and/or safe. In reality, the https:// part of the address (also called “Secure Sockets Layer” or SSL) merely signifies the data being transmitted back and forth between your browser and the site is encrypted and can’t be read by third parties.
The presence of the padlock does not mean the site is legitimate, nor is it any proof the site has been security-hardened against intrusion from hackers.
Please be safe out there. If you have any other advice for our readers please comment below!
You can also hear us discuss this new fad on our podcast! Please listen and subscribe below: