PhishLabs Research Exposes Level of Cybercriminals’ Misuse of HTTPS

The phishing Activity Tendencies Statement for Q3 2017 from the Anti Phishing Working Consortium has exposed the level to which cybercriminals are misusing the Hypertext Transfer Protocol Secure (HTTPS) procedure in phishing attacks.

Websites utilizing HTTPS encode the link between the browser and website to avoid man-in-the-middle attacks. There has been the main change from HTTP to HTTPS by online traders as well as other companies to offer an additional degree of safety and make sure buyers can submit confidential information like credit card details and passwords safely on their websites.

During the last 2 years, there have been main coverages in the general press of the requirement to make sure that sites begin with HTTPS and contain a green lock showing they are safe before confidential information is inserted.  Nevertheless, several buyers have been led to trust that if a site begins with HTTPS it’s safe and legitimate. Although the first point is surely correct. The second isn’t ensured. Cybercriminals have also been accepting HTTPS and utilizing the impression of safety to get confidential information.

For its statement, the APWG utilized data accumulated by PhishLabs. Phishlabs, a paying member of APWG, studied 54,631 exclusive phishing sites in Q3, 2017 and observed that nearly 25% of phishers have also switched to HTTPS. In several instances, they have received free HTTPS encryption documents letting them carry out their phishing attacks.  To put the 25% number into proportion, this time last year the proportion of phishing websites that utilized HTTPS was only 3%. Since the obtainability of free HTTPS documents increases, the proportion will definitely increase.

There is a usual tendency that for site proprietors to shift to HTTPS, partly stimulated by search engines like Google declaring that HTTP websites will be marked as unsafe. Nevertheless, PhishLabs notices that in its scrutiny of HTTPS phishing attacks in 2017 versus two of the most usually attacked varieties, 75% of the phishing websites used to affect those varieties were hosted on wickedly listed HTTPS websites.