web analytics

TLS Pages Used For Phishing

Do not trust TLS pages at face value

Everyone has been taught and reminded frequently to trust TLS based websites, look at the padlock sign, https and green bars. Since most people look at only these things and believe the website is secure, it is the same reason it is used for malicious activities by hackers. By trusting the website, hackers abuse the trust between the user and the website and lead them to phishing pages. FBI has issued a warning stating not to simply trust emails, website pages, question the intent of the content and do not trust websites just because it is HTTPS based. ” Unfortunately, cyber criminals are banking on the public’s trust of “https” and the lock icon. They are more frequently incorporating website certificates—third-party verification that a site is secure—when they send potential victims emails that imitate trustworthy companies or email contacts. These phishing schemes are used to acquire sensitive logins or other information by luring them to a malicious website that looks secure. ” – FBI

What should we do?

For starters, always question the emails received. If the email is from a trusted source, it could also have been compromised. Always make sure the email is from the person it seems. Most often hackers use malicious “similar” email address on face value, but when looked at fully, it is obvious that those emails are from different subdomain made to look similar. These emails are often longer than usual addresses. More campaigns needed to be carried out and to help users to verify the content and users. While the protocols are being manipulated by hackers, HTTPS is still good, it is still better than HTTP. But, with any good thing, there will always be someone looking to abuse it.

So stay vigilant and look out for things which seem unusual.

Author: Shivniel Gounder

TheGeek : Writes about information security, privacy, cybersecurity and latest tech gadgets and more.

Share This Post On

Submit a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: