You can easily tell whether a website is encrypted, and therefore safe, if a padlock icon appears next to its URL and if it starts with HTTPS (instead of just HTTP). Unfortunately, hackers now use the very same tool that’s supposed to protect browsers from malicious entities via encrypted phishing sites.
How hackers use encryption to carry out phishing scams
According to recent research, 24% of phishing scams in 2017 use web encryption -- an astounding increase from last year’s 3%. This means more HTTPS sites may not be truly safe.
Phishing scammers rely on their victims to do what they ask, which is why it’s so effective. And with this new trick, unsuspecting users are more likely to be deceived. What makes this encryption-aided scam even more effective -- and dangerous -- is that it makes hackers’ phishing email or text that much more authentic-looking.
For example, if you receive an email that purports to be from Amazon and includes a link to an encrypted site, there’s now a slightly higher chance you’d believe this email is the real deal. Clearly, if you’ve never purchased anything from Amazon, you’d know that this is a fake. But then again, there are millions of Amazon customers who could be misled into thinking that that email is legitimate.
Does encryption mean a safer internet?
With organizations like the Internet Security Research Group and Google promoting encryption, the world wide web should be a safer place, but that’s not necessarily the case. In fact, encrypting more legitimate websites could simply result in an increased number of encrypted phishing sites.
It may also be useful to know that not all phishing sites use encryption. Many phishing scams are still carried out using websites that may or may not be encrypted.
What you can do to ensure safety
This isn’t meant to cause panic, and despite this new phishing tactic, encryption is still an essential security tool that every business must implement.
Websites with HTTPS are still much safer than unencrypted ones. This is why it’s more important than ever to be vigilant when visiting suspicious sites and clicking on links. If you receive an email from PayPal asking you to verify your bank account details or password to a seemingly secure link, be wary. Some phishing scams are easy to detect, but some are not.
Practice extreme caution when responding to requests for sensitive data. Consider the source of the message, think before clicking, and don’t hesitate to seek the advice of an expert in case you have doubts. Phishers succeed only if you do what they ask you to do.
Phishing and other cyber scams are constantly getting upgrades, and no single solution can prevent hackers from attacking you. But your business could be much safer with the right cyber security protections in place. If this is exactly what you need, get in touch with our cyber security technicians.