[ad_1]
392
When we visit a Web page in which we have to present our powers, The first thing we do is to look for the padlock or the https in the URL. However, a new survey on PhishLabs showed that this advice was no longer useful, since 49% of phishing pages that attempt to steal your data have the green padlock and HTTPS in the URL.
49% of phishing sites are HTTPS
Last year only 35% of phishing websites were in HTTPSbut this year the figure has increased to 49%. The hackers know what users see in a URL, and for that reason, they try to give it the most legitimate appearance possible, since HTTP Web now appears as "unsecured". In the investigation conducted by the company, the 80% of users believed that the fact that a website had the The green padlock implied that it was real and safe.
As we know, HTTPS only indicates that data transmitted between the browser and the Web is encrypted using Secure Sockets Layer (SSL). However, once arrived at their destination, they can be deciphered. Some URLs are directly false in short, with domains starting with "Xn" (known under the name of punycode). However, others seem so real that they use very similar URLs.
An HTTP Web site is not secure, but an HTTPS protocol may also not be.
In Chrome, punycode pages are flagged as unsecured fast enough. This is the case of Bibox, a crypto-currency exchange portal. A fake website that tries to borrow the identity of the domain bỉbox.com / login, but actually redirects to https: //www.xn--bbox-vw5a[.]com / login, which is a false domain and they mark it as such Chrome and Firefox.
All of this means we have to be very cautious about the links we have access to. The safest is that we have saved them in favorites, or that we have access to them by manually writing them in the URL drawer, as well as by searching them in Google. Clicking on links that we find on the network or that we may receive in phishing emails may expose us to this type of attack. So a page HTTP will always be 100% secure but that's a The HTTPS page does not indicate that it is completely secure.
Written by Alberto García
[ad_2]
Source link