After revealing a sharp rise in phishing sites using HTTPS, security experts warn that websites displaying a padlock in the browser should be treated with caution.
Findings from Open Text Cybersecurity 2023 Global Threat Report, It is compiled from data collected from 95 million endpoints and sensors, as well as third-party databases and other resources.
The percentage of phishing sites detected using HTTPS has increased from 32% in 2021 to over 49% last year, an increase of nearly 56%.
“Many users mistakenly believe that HTTPS sites are ‘secure’ and that the padlock they see in their browser is proof that the site is legitimate,” warns the report. “Attackers are well aware of this common perception, so they register domains, obtain certificates, and use these certificates to establish malicious websites.”
Domain registrars and certificate authorities appear to be less effective at preventing fraudsters from obtaining and using legitimate certificates to increase their phishing success rates.
For more information on phishing, see 2022 Phone Attacks and MFA Bypass Drive Phishing.
Open Text also claimed that the ratio of HTTPS to regular HTTP sites will increase in 2022.
“While the spike in phishing activity in April was accompanied by a corresponding decline in HTTPS usage, the increase in phishing activity in October and November also marked the highest rate of HTTPS adoption for the year,” the vendor explained. Did.
“This indicates that throughout the year, attackers have realized the value of leveraging users’ perceptions of HTTPS URLs as being secure and have begun relying on these URLs over HTTP URLs during peak phishing activity. It may indicate.”
Phishing remains one of the most common initial access methods for cybercriminals. In fact, according to the report, the total number of fraudulent URLs increased by 30% from 2.7 million to 3.5 million between 2021 and 2022.
