Phishing Sites Are Duping Users With That Little Green Padlock


HTTPS doesn't necessarily mean what you think it does.

When you're browsing online, you might think encountering a green padlock next to the URL means you're on a safe website. That's not quite so.

New research from PhishLabs has discovered that half of all phishing websites boast that green symbol of safety to better lure in victims.

That's 49 percent of phishing sites in the third quarter of 2018. That's an increase from 25 percent just a year ago, KrebsOnSecurity reports.

That big jump is due to the fact that many internet users implicitly trust that green lock indicates that the site is HTTPS and therefore trustworthy and secure. And without much effort or revealing a lot of information, criminals can now easily obtain the certificate that allows the green padlock to show up. It's a helpful reminder that people can't become complacent about online security.

"The lock doesn't tell you anything about the legitimacy of the site," John LaCour, chief technology officer at PhishLabs told CNET. "It only tells you that your data is encrypted as it's sent over the internet."

Security indicators may slowly be changing. In May, Google announced they would be switching how they would indicate the trustworthiness of a site. Instead of rewarding HTTPS websites with a green symbol, Google will mark HTTP sites as "not secure" with a bright red icon and a warning in the URL bar.

If you are worried about falling victim to a phishing scam in general, there are a few steps you can take to prevent that