Phishing sites using HTTPS to trick users


By Dylan Bushell-Embling
Monday, 14 October, 2019



Nearly one-third (29%) of phishing web pages are now using HTTPS encryption to give unsuspecting visitors a false sense of security, according to research from Webroot.

In addition, nearly a quarter (24%) of malicious URLs discovered during the half-year period were found to be hosted on trusted domains.

The security company’s latest Threat Report, covering the first half of 2019, found that phishing attacks are also becoming more sophisticated and personalised as more private information is harvested from breaches.

Attackers are increasingly using compromised accounts to send extortion emails claiming the user has been caught doing something embarrassing or damaging that will be shared with colleagues and family unless a ransom is paid.

Phishing attacks are also increasingly targeting secret questions and their answers, not just usernames and passwords.

During the first half of the year, phishing attacks continued to grow rapidly, with a 400% increase in malicious URLs discovered.

The top industries impersonated in phishing attacks include SaaS or webmail providers (25%), financial institutions (19%), social media companies (16%), retail brands (14%), file hosting companies (11%) and payment services companies (8%).

Meanwhile, 1 in 50 URLs analysed for the research were found to be malicious — a worrying figure considering that 33% of office workers state they click more than 25 work-related links per day.

“We are beginning to see hackers create more personalised phishing emails using data gathered in recent massive breaches, as well as the use of HTTPS and trusted domains to seem more legitimate. These tactics take advantage of familiarity and context, and result in unwarranted trust,” Webroot Senior Threat Research Analyst Tyler Moffitt said.

“Businesses and consumers need to be aware of and continually educate themselves about these evolving methods and risks to protect their data and devices.”
