
Increase In HTTPS Phishing Attacks

Over the past few years website owners have been encouraged to adopt HTTPS website domains rather than HTTP. With HTTPS, data in transit is encrypted; this provides additional security for transiting data, such as login credentials, which may contain information of use to attackers.

HTTPS domains are verified by SSL Certificate Authorities, who issue and authenticate certificates. The padlock symbol in the URL field links to the certificate provider’s website, and users are often advised to trust webpages with this symbol. However, while the padlock shows that encryption is used, it does not guarantee the legitimacy of the website. It is possible for attackers to compromise sites using HTTPS domains and use them to host malicious links. It is also easy for attackers to obtain legitimate certificates (often for free) and use them to set up their own malicious website.

Although this rising attack trend has been previously reported, recent research by cyber security company PhishLabs highlights a common misconception amongst average internet users, that websites using SSL and HTTPS, as signified by the padlock, are safe and secure to use. This is not necessarily the case and attackers have increasingly exploited this misunderstanding. In the third quarter of 2017, PhishLabs found that nearly a quarter of all phishing attacks observed were hosted on HTTPS domains.

To avoid becoming a victim of HTTPS phishing attacks, users and organisations should not rely on a padlock or a link to an SSL certificate alone to verify the legitimacy of a website. Other methods include paying close attention to the URL spelling and comparing it to a known and trusted version, and looking at the email source code to find the real name of a website or its IP address.
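The URL and email-source checks described above, as an added example that is not part of the original article: it pulls the real link targets out of an email's HTML source and compares each hostname with a trusted list. The trusted hostnames, the sample email and the function names are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hostnames you already know and trust (hypothetical values).
TRUSTED_HOSTS = {"example-bank.com", "login.example-bank.com"}
# Constructed sample of an email's HTML source; every link uses HTTPS.
SAMPLE_EMAIL = ('<a href="https://examp1e-bank.com/login">https://example-bank.com/login</a> '
                '<a href="https://203.0.113.7/secure">verify</a> '
                '<a href="https://login.example-bank.com/">sign in</a>')

class LinkExtractor(HTMLParser):
    """Collect the real link targets (href values), not the text shown to the reader."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted host."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Label a link's real hostname: trusted, raw-ip, lookalike or unknown."""
    host = (host or "").lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        return "trusted"
    try:
        ipaddress.ip_address(host)
        return "raw-ip"        # link points at a bare IP address
    except ValueError:
        pass
    if any(0 < edit_distance(host, t) <= 2 for t in TRUSTED_HOSTS):
        return "lookalike"     # one or two characters away from a trusted host
    return "unknown"

def review_email(html):
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, classify_host(urlsplit(href).hostname)) for href in parser.hrefs]
```

All three sample links use HTTPS, so a padlock would appear for each of them; only the hostname comparison tells them apart.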



Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
