Topic: Half of all Phishing Sites Now Have the Padlock Sign (Read 621 times)

So many or almost all of these HYIP's are hosted in a secured SSL, because any website operator can buy a comodo to encrypt it and makes the site legit, but it doesn't guaranty the site is legit, it's not even a factor I looked when looking in a project, the plan, the people behind it are some of the things that you need to look but never the site's encryption.

Exactly. Anyone sniffing around can intercept the data you are sending over insecure networks. That doesn't mean that HTTP can't or shouldn't be used at all. It just shouldn't be used in connection with private data, passwords, logins, pins etc.

It's not so much that it's an insecure site on itself, rather the TCP connection between you and the site is not encrypted, which is bad for security.

Most browsers have already displayed such warnings when accessing an insecure site.

PhishLabs, the data source behind the link in the OP,  has an update report, and now places the mark at 68% for phishing sites using SSL (see https://info.phishlabs.com/blog/apwg-two-thirds-phishing-sites-ssl-https). Although their data for some Quarters decreases in percentage, it’s fair to assume that SSL certificates is a non-trustworthy indicator on its own, and that the assumption needs to clearly be demystified.

Time to get rid of this padlock sign once and for all. Just display an explicit warning to the user when SSL is not used...

bumping

I want to create a new topic about phishing under HTTPS websites, But, because I found this thread, maybe better if I make a post reply to this thread. Sorry for bumping threads.

---

Phishing attempts increase 400%, many malicious URLs found on trusted domains

Secure Socket Layer (SSL) is considered as a secure, means to secure user data on a website. However, a hacker is not a beginner, they are always looking for ways to get victims. If a website that uses SSL (HTTPS://) used to be considered secure if accessing it from all devices, now that can't be said to be 100% correct.

Let's look at the data in the article published by helpnetsecurity.com (the reference is at the end of the post), the article data shown:

• Nearly 24% of malicious programs are found on trusted websites.
• Nearly 29% of phishing websites use HTTPS to deceive victims.

This is an irony for those of us who often use websites. Especially for novice investors or airdrop / bounty hunters. If we don't pay attention to the URL we open, we can become victims of this cyber crime.

Let's look at the thread created by wwzsocki entitled "What is Punycode and how to protect yourself from Homograph Phishing attacks?". In that thread, there is an example of a phishing website which is a Binance duplication. The website was created using HTTPS on the domain to convince its victims and also trick users by using a similar alphabet.

Another example, from dkbit98, he found a Chainlink duplication website that also uses HTTPS on the domain to convince its users. Despite the fact that the website is a phishing website that utilizes user typo.

Back to the article, the article mentioned that in 2019, phishing websites had increased by 400%. The terrible thing is, the growth of phishing takes place only in 7 months from January - July 2019. The sectors that are targeted for phishing are:

• 25% are SaaS / Webmail providers
• 19% are financial institutions
• 16% social media
• 14% retail
• 11% file hosting
• 8% payment services companies

If you are still using Windows 7 on your computer OS.

• Between January and June, the number of IPs that host Windows exploits grew 75%
• Malware samples seen on only one PC are at 95.2%, up from 91.9% in 2018
• Out of all infected PCs, 64% were home user machines, and 36% were business devices, likely because home users aren’t protected by corporate firewalls and security policies and may not be updated as regularly.
• Over 75% of malware on Windows system hides in one of three places:
  41% in %temp%, 24% in %appdata% and 11% in %cache%.
• Businesses can easily set policies to restrict execution of any application from the %temp% and %cache% locations, preventing more than 50% of infections.

I recall there used to be numerous fake Blockchain wallet sites that were advertised via the Google ads and many people used to fall for such sites as the scam site came up first before the actual Blockchain site. Google's indeed banned crypto ads so such phishing sites should no longer be a problem, but it's always a good idea to check the certificate of any site you go on before inputting any actual user information so you're sure that you are using the right site. A few exchanges and other sites even tell you to do this before logging in.

Exactly, that's why Google Ads came down hard on such ads after that.

Last time I accidentally accessed a phishing link when I searched for an exchange name on Google. The same ad spot on the first page.

Not sure if it was mentioned before but it is sometimes very dangerous to trust the first result of a google search if it has the AD logo. Take a look at a random picture I found with the logo.




In the past, I've seen phishing sites of crypto exchanges being advertised this way that would be placed on top following a google search and below it came the official - legitimate site.   

The reason why Google banned crypto ads, was because they mostly impersonated legit sites and topped them in search results.

Many people have a habit of searching web addresses with google, this is quite a dangerous thing, google is just a smart search engine, it cannot distinguish phishing sites. So the best way is to save the secure domain name on your search toolbar

If they are running a phishing website then they have no interest in encrypting password. Besides, there is no way the user may know whether the password was encrypted or not.
HTTPS only encrypts data before it reaches the server.
When you type your password, basically, your browser will use the certificate it received from the website to encrypt the password and sends it. When it reaches the server, it will be decrypted and the website owner can see it as you typed it.

But if they decide not to encrypt the passwords, does the HTTPS do anything? They can be stored in plaintext, right?

Scammers tends to target ignorant users.
Any regular user, who haven't good knowledge of Internet security, will consider a website with a green padlock as a legit website.
The green padlock means that the trafic between browser and server is encrypted so no third party can read/modify the data the user sends to the server.

Any phishing website can get a green padlock. SSL certificate costs few bucks.
 

I have never really given much weightage for that padlock sign, as any site can get it via a free ssl. I have made it a habit to either bookmark my regular sites, or type their entire name.com till I find the legitimate one. I also would advise people whenever you visit a new site you’re not sure off, use a dummy email, and a 16 digit password like i do let them go nuts cracking that.

Now that's scary, since I usually eye for the padlocks. But just to pay several bucks extra doesn't cost much when the returns are greater since more people tend to fall for them.

Having padlocks doesn't mean it's safe from phishing. As long as there's a fill up form you won't know your safe as long as you fill up that form and input what is stated in the fill up form. Some fill up forms is working as it should be but the fill up form is also coded (HTML) to send the information that is submitted in the form. You may have finished signing up but the site owner also receive your information which is why having bookmarks to the sites you regularly access will keep you from phishing scheme. To be honest, I've been phished before but it's not about bitcoin, it's about a game I played before and fallen into a phishing site. Just make sure you add it on your adblocker if you found a phishing site to avoid it in the future.

Yups having bookmarks each site that you think are helpful is another form of security to prevent becoming a victim of phishing sites..thats what i always do whenever theres a sites that attracted my views

Though theres this thread i am using to take more precautions

https://bitcointalksearch.org/topic/crypto-scam-howto-protect-yourself-4264404