Security experts have warned that websites displaying a padlock in the browser should be treated with caution, after revealing a sharp increase in phishing sites using HTTPS.
The findings come from Open Text Cybersecurity’s 2023 Global Threat Report, which is compiled from data collected from 95 million endpoints and sensors, as well as third-party databases and other resources.
It revealed that the share of phishing sites detected using HTTPS increased from 32% in 2021 to over 49% last year – a rise of nearly 56%.
“Many users incorrectly believe that HTTPS sites are ‘secure’ and that the padlock displayed in the browser is evidence that the site is legitimate,” the report warned. “Attackers are well aware of this popular perception, so they register domains, acquire certificates for them and establish malicious websites using these certificates.”
It appears that domain registrars and certificate-issuing authorities are becoming less effective at preventing fraudsters from obtaining and using legitimate certificates to enhance their phishing success rates.
Open Text also claimed the ratio of HTTPS to regular HTTP sites increased in 2022.
“While the April spike in phishing activity was accompanied by a corresponding drop in HTTPS usage, the October and November increases in phishing activity also saw the years’ highest HTTPS adoption rates,” the vendor explained.
“This may indicate that during the course of the year, attackers recognized the value in playing on users’ perception of HTTPS URLs as secure and started to rely on these URLs over HTTP URLs during periods of peak phishing activity.”
Phishing remains one of the most popular initial access vectors for cybercriminals. In fact, the total number of scam URLs increased by 30% between 2021 and 2022 – from 2.7 million to 3.5 million, according to the report.
