[ad_1]
In short: Most non-tech-savvy internet users badume that a padlock in the navigation bar means that a site is legitimate and secure, but it's far from reality. A new study shows that 49% of all phishing sites use Secure Sockets Layer protection and, by extension, padlock from the third quarter of 2018.
Google has spent years trying to get more websites to adopt the HTTPS protocol, in which the data is encrypted using SSL / TLS when moving between the browser and the website. Many still think that the presence of a padlock is synonymous with reliability, but an increasing number of phishing sites use it.
According to new data provided by PhishLabs (via Krebs on Security), 49% of phishing websites using SSL are up from 35% in the last quarter and 25% a year ago. The increase is due to the number of phishers who register their own domain names and create certificates for them, as well as to Chrome which displays "Unsecured" on unencrypted sites. CAs are not able to verify each site to ensure its legitimacy, and many people who request these certificates do not have content at this time.
Last December, a survey conducted by PhishLabs showed that over 80% of respondents thought that the padlock indicated that a website was legitimate and / or safe, which is not true.
The browser builders are retaliating by collaborating with security companies to identify and block new phishing sites, but some manage to avoid being flagged. The safest option is to not enter your details if you have doubts about a website, even if it has a padlock.
Related reading
Source link
