• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
iGuRu

iGuRu

Real-time Technology News. Opinions & Tweaks

  • / news
  • / infosec
  • / tools
  • / tweaks
  • / dummies
  • / opinions
  • / support
  • / yourpost
home / News / HTTPS: the feature that phishers love

HTTPS: the feature that phishers love

06/12/2017 16:35 by giorgos

"In the third quarter of 2017, we noticed that almost a quarter of all phishing sites were hosted on HTTPS domains, which is almost double the percentage we saw in the second quarter."

"A year ago, less than 3% of phishers used websites that had SSL certificates. "Two years ago, that number was less than one percent." said the PhishLabs administrator, Mr Crane Hassold.ssl - HTTPS: the feature that phishers love

The reasons behind this change are enough. Phishers often violate pages to host phishing attacks, and it is logical that by increasing legitimate domains with HTTPS there is also an increase in HTTPS pages that have been infringed.

Today, too, it is much easier, faster and cheaper to obtain SSL certificates. So the scammers are taking advantage of the situation to equip the e-fishing domains they use with HTTPS.

Although the vast majority of SSL certificates used in HTTPS phishing attacks are obtained for free by services such as Let's Encrypt or Comodo, their use is remarkable because they are not technically necessary for creating phishing websites.

"Without an SSL certificate, the phishing site would still be working as planned," says Hassold.

"So why do scammers bother to create an HTTPS page when it is not really needed? The answer is because phishers believe that the designation 'HTTPS' makes a phishing site more legitimate for potential victims and therefore more likely to lead to a successful outcome. And unfortunately, they are right. "

  • Password Managers locally or in the cloud?

Many users are unaware that the HTTPS presence only means that the communication between the browser and the site is encrypted. They believe that watching the green pad and HTTPS before a domain name means that the site itself is secure (ie Safe to use = legitimate).

The fact that browsers like Google Chrome show pages with SSL certificates as "Safe" in the URL bar does not help eliminate these attacks.

  • Removable or non-removable battery in a smartphone? For against
HTTPS: the feature that phishers love was last modified: 6 December, 2017, 4: 35 mm by giorgos

spread the news

  • Facebook
  • Twitter
  • Reddit
  • Printing
  • Email

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News


Competition: Newstag: 2017, https, I'm sure, Phishing, SSL

You May Also Like

Brave the first browser with Peer-to-Peer IPFS protocol
MaskPhish: Easily hide phishing URLs
Chrome will test HTTPS when loading web pages

About Us giorgos

George still wonders what he's doing here ...

Previous Post: « Disqus Why we stopped using the service
Next Post: Bloatware in Windows 10: remove everything automatically »

Reader Interactions

Comment Policy:

IGuRu.gr does not publish the comments immediately. Malicious comments, comments that include ads, or comments that are offensive are deleted without notice. We do not adopt the opinions expressed by our readers.
Your comments will be displayed after approval by the administrators


Leave your comment
Ακύρωση απάντησης

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *

 

 © 2021 · iGuRu.gr · ☢ · Keep It Simple Stupid Genesis theme

about  ·   get in touch  ·  rss  ·  sitemap  ·  cough

loading Cancel
Could not post post - check your email address!
Email verification failed, please try again
Your blog can not post posts via email.