A Padlock in the Address Bar Might Not Be as Secure As You Think

You have probably seen a few sites here and there that, when you try to visit them, end up having a padlock displayed next to the address bar, which typically indicates that the page is secure. On the contrary, there are sites that show a "Not secure" warning. This only happens when the site you are going to is deemed dangerous by the built-in web browser tools that are designed to locate and identify threats that are posed to you while you surf the internet.

However, a new study conducted by PhishLabs deduced that almost half* of all phishing sites are displaying a Padlock security status in web browsers (surprisingly most of them are hosting their sites on .com domains) and trick the browser you are using into thinking that they are regular, secure sites that will not try to steal users private data. The truly shocking thing is that the proportion of phishing sites that have been able to disguise themselves as regular secure sites has been steadily growing over the past few quarters. Last year, only 25 percent of phishing sites were able to successfully disguise themselves. At that time the proportion seemed far too high, but further research conducted last quarter showed that the number had risen to 35 percent.

A Padlock in the Address Bar Might Not Be as Secure As You Think

This rise from one quarter to one third to one half is highly alarming and it shows that phishing sites are getting a lot better and smarter at encrypting their traffic, stealing your personal information without you even realizing it. The main problem that browsers are facing is the sheer scale of the phishing that is being conducted these days. The fact of the matter is that there are a lot of sites that do this kind of tricky business, and keeping track of all of them can be difficult. Still, it is essential for user safety so it is definitely something that browsers and internet security firms should work on.

*Update: PhishLabs confirmed the exact stats to Digital Information World that in Q1 of 2018, 33.08% of phishing websites were using the Padlock, in Q2 the number was 35.18%, while in Q3 of 2018 it jumped to 49.42%.

No comments:

Post a Comment