Half of all Phishing Sites Now Have the Padlock

We used to believe that a padlock shown in a web browser’s address bar meant that we were connected to a safe and secure web site. That’s no longer true. In fact, it never was completely true.

The padlock is shown when a web site has a security certificate installed and the connection is made using an encrypted “https” connection.

HTTPS protocol. (The letter “S” after “http” indicates a “secure” connection.) In fact, an https connection has some arguable drawbacks. Mainly, there’s virtually no barrier to anyone obtaining HTTPS certification, which has made it attractive for criminal groups hoping to add an air of authenticity to bogus sites. That little green padlock guarantees that you’re sending data encrypted, but not that the person on the receiving end has scruples.

When hackers create web sites to trap you, they almost always obtain a security certificate that will work on HTTPS and will display a little green padlock in your web browser. If so, your connection will be secure but you probably will still be ripped off by the hackers that run the site.

You can also read an article by internationally-known security expert Brian Krebs’ article about all the hacker sites that are now displaying https padlocks at https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/

Sadly, many web browsers will claim you have an insecure connection if https isn’t used. In fact, that warning is meaningless. The web site may still be insecure whether https is used or not.

In short, a padlock and an https connection are meaningless these days.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.