While the use of HTTPS helps protect
Internet users’ data between the browser and the Web, more and more
phishing schemes are using the ignorance of green padlocks. PhishLabs, a
phishing
prevention company, yesterday released a new report that shows that
phishing sites are hosted on HTTPS pages significantly faster than the
entire HTTPS adoption rate.
According to Let’s Encrypt, which publishes more than 100 million crypto certificates, 65% of web pages loaded by FireFox last month used HTTPS, up from 45% at the end of 2016. In the meantime, 24% of phishing sites use network encryption. Just a year ago, less than 3% of these sites used HTTPS, down from less than 1% in 2015. An analysis of Q3 HTTPS phishing attacks against PayPal and Apple, the two major targets of attacks, shows that nearly three-fourths of all HTTPS phishing sites are hosted on maliciously registered domains rather than on hacked websites.
The main reason anglers turn to HTTPS is that many people think green padlocks are a sign of the credibility of a website. The certificate shows that the data is encrypted during transmission, this does not mean that the website has taken security measures and is legal. As Wired pointed out, one of the problems is that the certification authority can not inspect each site to make sure it does not contain phishing or malware attacks. Moreover, many websites that require an encrypted certificate do not have any content at the time.
No comments:
Post a Comment