Do not trust TLS pages at face value
Everyone has been taught and reminded frequently to trust TLS based websites, look at the padlock sign, https and green bars. Since most people look at only these things and believe the website is secure, it is the same reason it is used for malicious activities by hackers. By trusting the website, hackers abuse the trust between the user and the website and lead them to phishing pages. FBI has issued a warning stating not to simply trust emails, website pages, question the intent of the content and do not trust websites just because it is HTTPS based. ” Unfortunately, cyber criminals are banking on the public’s trust of “https” and the lock icon. They are more frequently incorporating website certificates—third-party verification that a site is secure—when they send potential victims emails that imitate trustworthy companies or email contacts. These phishing schemes are used to acquire sensitive logins or other information by luring them to a malicious website that looks secure. ” – FBI
What should we do?
For starters, always question the emails received. If the email is from a trusted source, it could also have been compromised. Always make sure the email is from the person it seems. Most often hackers use malicious “similar” email address on face value, but when looked at fully, it is obvious that those emails are from different subdomain made to look similar. These emails are often longer than usual addresses. More campaigns needed to be carried out and to help users to verify the content and users. While the protocols are being manipulated by hackers, HTTPS is still good, it is still better than HTTP. But, with any good thing, there will always be someone looking to abuse it.
So stay vigilant and look out for things which seem unusual.