[ad_1]
You may have heard that you should look for the lock symbol at the top of the website before entering your pbadword or credit card information in an online form. It's a well-meaning tip, but new data shows that it's not enough to protect your sensitive information.
In the end, the fraudsters became savvy and began to add the padlock, which was until recently of a bright green in most browsers, as well as on their websites. This means that a padlock does not guarantee the security of a website.
According to data from the PhishLabs cybersecurity company, reported for the first time by security writer Brian Krebs, which shows that almost half of the fraudulent pages have a padlock – intended to indicate that the site is secure – next to the URLs of their websites. Fraudsters take advantage of the fact that many people rely on the padlock symbol to decide whether or not to trust a website, according to a report from the anti-phishing task force dating back to October.
"Phishers take advantage of unclear safety messages" around the symbol, according to the report's authors.
Now Playing:
Look at this:
Google Chrome pushes the Web to HTTPS
1:50
In the end, there is no single solution to protect you from the dark side of the Internet. You must be more careful than ever to avoid scam artists and check more than one sign of the legitimacy of a website.
This means making sure the URL of the website is correct and, as much as possible, typing the URL in the browser instead of following a link in an email. Tools such as pbadword managers and security software can also help: to prevent you from being trapped by a very convincing fraudulent website, they will warn you when a URL does not match the site. Legitimate web or prevent you from opening a fraudulent website.
"Awareness is really essential," said Adam Kujawa, director of the research group on the Malwarebytes cybersecurity company. "It's up to the user to say, is this really legitimate?"
What does the padlock really mean
The padlock has always been an imperfect symbol. He is there to tell you something specific, and also technical, and that is difficult to understand with a simple image.
The lock is supposed to inform you that a website sends and receives information from your web browser over an encrypted connection. . That's all. You can say that a website has an encrypted connection because it starts with the letters https and not http. Nowadays, websites use an encryption standard called TLS. With the secure connection, no one can read your web traffic when browsing the vast global Internet infrastructure.
Here's why an encrypted connection is a good thing: it ensures that sensitive information, such as pbadwords and credit card numbers, is scrambled so that only the website intended to receive it can read them. This is very important for things like online shopping or connecting to your bank's website.
That's also why it's still true that you should never enter your information if a website does not have a secure connection.
But many people I do not know, the lock means something so specific, said John LaCour, chief technology officer at PhishLabs. "We have already used ways to lock in the sense of security," he said.
Criminals Can Also Use Security Functions
Scammers who want to trap you by entering sensitive information can also place a green padlock on their website, and they are doing it more and more. When PhishLabs started collecting data in early 2015, less than half a percent of phishing websites had a lock. The number has risen rapidly, reaching about 24% by the end of 2017 and now over 49% in the third quarter of 2018.
It makes sense that fraudsters are increasingly using the lock, LaCour said. This is because it has become easier and cheaper for web site creators to use an encrypted connection, thanks to Google's cyber security experts, the Electronic Frontier Foundation and the Other technology heavyweights.
Criminals can now easily obtain certificates that allow locks to appear and encryption must take place, and they can do so without revealing much of who they are.
In addition, the changes made by major browsers such as Chrome and Firefox have made sites without TLS encryption much more dangerous for users, with a prominent warning that the site does not have the same effect. was not secure. This gave criminals extra motivation to post the lock on their websites, LaCour said, thus avoiding being suspicious.
"The lock does not tell you anything about the legitimacy of the site," he said. "It only tells you that your data is encrypted because it is sent over the Internet."
This is not all bad news
It's probably for the better that fraudsters use encryption on their phishing websites, said Nick Sullivan, head of cryptography at Cloudflare , a company that, among other things, helps organizations encrypt their websites.
Indeed, sending valuable information that everyone can intercept and read is always a bad idea, even if your immediate problem is that you just send your bank account information to a scammer in a other country.
"There is nothing wrong with phishing sites that have encrypted," Sullivan said.
CNET Holiday Gift Guide: The Perfect Place to Find the Best Technology Gifts for 2018.
Security: Keep up to date with the latest flaws, hacks, patches, and all the cybersecurity issues that keep you awake the night .
Source link
