Você está aqui: Página Inicial / Blog / Who would know this, right? More than half of malicious websites already use HTTPS

Who would know this, right? More than half of malicious websites already use HTTPS

PhishLabs notices that the adoption of HTTPS by malicious websites has shown a dizzying growth since the first quarter of 2017

PhishLabs has released worrying figures: according to the company's latest analysis, at least 58% of malicious websites on the web already use the HTTPS protocol and have an SSL certificate. This means that, in practice, these pages are easily passed as reliable and are pointed as "safe" by conventional browsers, which greatly increases their chances of being successful in deceiving an unsuspecting Internet user.

HTTPS (Hyper Text Transfer Protocol Secure), for those who don't know, is an enhanced version of traditional HTTP, which protects communication between the client and the server using an encryption layer. This layer, in turn, relies on Secure Sockets Layer (SSL) technology, which establishes the need for the server to have a certificate of authenticity to ensure that it is "reliable ground".

The problem is that, with the market turning HTTPS/SSL into a minimally acceptable standard for any website, it has become ridiculously simple to get a certificate - there are already even free certification authorities, like the popular Let's Encrypt. On the one hand, this is good, since it establishes a safer communication network for the user; on the other hand, it facilitates the action of fraudsters, who have now taken these resources to optimize their scams.

(Reproduction: PhishLabs)

PhishLabs also notices that the adoption of HTTPS by malicious websites has shown a dizzying growth since the first quarter of 2017, when the protocol was present in only 10% of the cunning pages. "More sites are using SSL because browsers warn users when it's not used, and more phishing scams are hosted on hacked and legitimate sites," explains John LaCour, the company's founder and CTO.

The lesson here is: the fact that a site is safe does not mean that it is safe. It may be trying to steal your credentials, but in a safe way... confusing? It can be. We can sum it up with one thing: don't rely anymore on whether a site has an SSL certificate or not as a deciding factor to trust it. It's worth keeping an eye out for other details that point to a possible phishing attempt.

Translated from: https://thehack.com.br/quem-diria-ne-58-dos-sites-maliciosos-ja-usam-https/