Phishing sites trick users with fake HTTPS padlock

News
By published

Half of all phishing sites now have padlocks, but are anything but secure

The padlock icon next to a web address used to let users know that a site is legitimate and secure but now new research from PhishLabs suggests that this is no longer the case as have of all phishing scams are now hosted on websites that have the padlock and begin with HTTPS.

The company's research shows that 49 per cent of all phishing sites in Q3 2018 had the padlock security icon next to their web address which is a 25 per cent increase from last year and a 35 per cent increase from last quarter.

The HTTPS at the beginning of a web address (also called the SSL) merely signifies that the data sent between a user's device and the website is encrypted to prevent third parties from accessing it. 

With a legitimate website, this means that the data sent between a user and the site can not be accessed by anyone else. However, if the site happens to be hosting a phishing scam, then encrypting the data sent from a device will not actually protect the user and could very well fool them into thinking the site they've visited is legitimate.

Hidden in plain sight

Cybercriminals have a real knack for devising new ways to trick users and hosting phishing scams on websites that appear secure is quite effective because the idea that the padlock indicates a site is secure is almost ingrained in the minds of many internet users today.

Last year, PhishLabs conducted a survey which found that more than 80 per cent of respondents believed the green lock meant a website is legitimate and/or secure.

The company's CTO, John LaCour explained how Google's move to label sites without SSL certificates as not secure contributed to the rise of phishing sites that appear legitimate, saying:

“PhishLabs believes that this can be attributed to both the continued use of SSL certificates by phishers who register their own domain names and create certificates for them, as well as a general increase in SSL due to the Google Chrome browser now displaying ‘Not secure’ for web sites that do not use SSL. The bottom line is that the presence or lack of SSL doesn’t tell you anything about a site’s legitimacy.”

  • Protect your security online with out top picks for the best antivirus
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
The iPhone 16 Pro Max and Samsung Galaxy S25 Ultra

5 things I want from the iPhone 17 – or I’m out and back to Android
See more latest
Most Popular
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space