Phishing has always been a favorite tactic of hackers. It pays off in more than one way once it succeeds: attackers can hold companies to ransom, and they can use the stolen information, especially financial details, to steal money from the affected user. The underworld is always quick to adapt, and this time the hackers have found new ways to dupe people. Nearly half of phishing sites display the SSL padlock, which dupes visitors into believing that the site is SSL/TLS verified. The padlock has become a de facto sign of security and legitimacy for websites, so hackers phish details by forging a page and serving it with a green padlock and https.
According to a study by PhishLabs, nearly half of phishing sites use the padlock. The presence of SSL tells a user nothing about the genuineness of a website; SSL/TLS certificates exist to encrypt the connection between the browser and the server, which keeps hackers from intruding on it.
By Q3 2018, almost 49 percent of phishing sites used an SSL certificate; one year earlier it was 25 percent, and in the second quarter it was 35 percent. The meteoric rise can be attributed to the widespread popularity of SSL certificates. A PhishLabs survey conducted last year found that more than 80% of respondents believed the green lock indicated a website was legitimate and/or safe. Attackers are taking advantage of internationalized domain names to introduce visual confusion and trick users into believing they are on a legitimate site.
Getting an SSL certificate is not difficult. Many are available free of cost, and cybercriminals sell them online as well, so obtaining one is not really the hard part. The best way to figure out whether a web page is legitimate is to use website scanners rather than relying on the green padlock alone. The best way to stay safe is to clear cookies and search history regularly, not to store card data on websites for ease of payment, and always to use trusted sources to access the internet.
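The internationalized-domain-name confusion mentioned above can be checked for independently of the padlock. The following is an added example, not part of the original article: it decodes punycode (`xn--`) labels and flags hostnames that mix scripts. The function names and sample hostnames are constructed for illustration, and the script detection is a coarse heuristic based on Unicode character names.

```python
import unicodedata

def script_of(ch):
    """Coarse script label derived from the Unicode character name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else None  # digits and '-' are script-neutral
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding an xn-- (punycode) prefix."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (ValueError, IndexError):
            return label  # undecodable: keep the raw label
    return label

def inspect_hostname(host):
    """Return (label, displayed_text, scripts, reasons) for each suspicious label."""
    findings = []
    for label in host.rstrip(".").split("."):
        shown = decode_label(label)
        scripts = sorted({s for s in map(script_of, shown) if s})
        reasons = []
        if shown != label:
            reasons.append("punycode label")
        if len(scripts) > 1:
            reasons.append("mixed scripts")
        elif scripts and scripts != ["LATIN"]:
            reasons.append("non-Latin script")
        if reasons:
            findings.append((label, shown, scripts, reasons))
    return findings

# Constructed samples: a Cyrillic "a" (U+0430) followed by Latin "pple", under .example
LOOKALIKE = "xn--" + "\u0430pple".encode("punycode").decode("ascii") + ".example"
SAMPLES = ["www.example.com", LOOKALIKE, "\u0430pple.example"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(host, "->", inspect_hostname(host) or "no findings")
```

Legitimate internationalized domains are flagged too, so a finding is a prompt to inspect the address more closely, not a verdict.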