Dramatic Increase In Phishing Websites Using HTTPS


The number of HTTPS phishing websites has increased since January, as browsers have started alerting users when they access pages that do not use HTTPS.

Certificate authorities have issued thousands of SSL certificates for domain names clearly meant for use in phishing and scams. Scammers and phishers usually use Let’s Encrypt and Comodo domain-validated certificates for phishing sites.

Netcraft (an internet services company) announced on Wednesday that the proportion of phishing sites using HTTPS increased from about 5% to 15%.

HTTPS PHISHING INCREASE

“If the new browser behaviour has driven this change — and the timing suggests it might have — then it may have also had the unintended side effect of increasing the efficacy of some phishing sites,” explained Netcraft’s Paul Mutton. “Phishing sites that now use HTTPS and valid third-party certificates can appear more legitimate, and therefore increase the likelihood of snaring a victim.”

“Another plausible hypothesis is that many legitimate websites have migrated to HTTPS in response to the new behaviour in Firefox and Chrome. Phishing sites are often hosted on compromised websites, and so this would naturally cause the number of HTTPS phishing sites to increase accordingly; or it could be that some fraudsters are now targeting HTTPS websites in preference to HTTP sites.” continues the analysis.

Netcraft blocked phishing attacks on more than 47,500 sites with a valid SSL certificate between 1st January and 31st March 2017.

Blocked Certificates

Hackers are always trying to find clever methods to phish users.


Eslam Medhat is a professional pen-tester with over 9 years of IT experience, bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high-profile companies and vendors and was successfully acknowledged by them.
