Topic: Half of all Phishing Sites Now Have the Padlock Sign - page 2. (Read 655 times)

I am using https://transparencyreport.google.com/safe-browsing/search to check web site safety. Hope google service will be useful for other people.

Bump since phishing is a constant treat in the crypto sphere.

What if your paper notebook gets stolen, catches fire or gets destroyed by water?
Do you have another copy or an encrypted digital copy someplace safe?

Recently, my local ISP has added an anti-phishing service implicitly to my home network and mobile devices, and it has given me an alert when attempting to access the site referenced in the OP. Nevertheless, I will not rely fully on this feature, since phishing sites crop-up really fast and I fear they may not be detected promptly enough in all cases by my ISP.

While looking into it, I came across a report on phishing that shows the extent of the matter (see http://docs.apwg.org/reports/apwg_trends_report_q2_2018.pdf). The report gives us the following summary of facts for Q2 2018 (I have not located a Q3 report):
-   35% of attacks has https and ssl certificates (a bit less that stated in the OP -> different studies I guess). The report includes a chart showing a near to exponential increase on phishing attacks on https hosted sites since 2015.

-   In June 2018, there were 51,401 unique detected phishing sites (100K in April 2018).

-   June 2018 seemed to have 90.882 active email phishing campaigns.

-   During June 2018, at least 227 brands were targeted by phishing alt sites.

-   Phishing attacks target primarily the Payment industry (36%), SSAS/Webmail (21%), Financial Institutions (16%),  Cloud Storage/File Hosting (9%), Social Media (4%), and Others (14%).

 Makes on tremble …

You should never do that lmao that's just bad practice nowadays.

If people must insist on doing something of the sort, Duckduckgo is a lot cleaner and advertised sites at the top seem to be easier to distinguish than Google's. I wouldn't recommend using it for obscure services though, or even at all. The safest way is still to type the URL out on your own. Even bookmarks, however unlikely, could theoretically be compromised by malware.

Or better yet, type the URL manually on your address bar, or bookmark the link on your browser. It's a lot safer that way. and if you're visiting a site for the first time that you've Googled, don't click on the advertisement. Most of the time these types of phishing links are spread through search engine ads.

That's why i always spellcheck the website address. The alphabet have many look like same but in fact they are different, as you give example for "i" and "ỉ" in Vietnamese. I make a search, have some results that you must be careful and check it when you visit a website.

in English	in Vietnamese
a	á, â, ấ, ầ, ạ, ậ, ă, ặ, ắ, ằ, à
i	í, ì, ị, ỉ
u	ư, ú, ù, ụ, ứ, ự, ừ
e	ê, é, ẹ, è, ế, ệ, ề
o	ọ, ó, ò, ơ, ợ, ợ, ớ, ờ

"i" and "j" are two character need to be checked because it looks like same

You can even get free SSLs via Let's Encrypt and via Cloudflare; without any KYC whatsoever. People are completely underestimating how easy to get SSLs are.

Indeed. Remember the "biṇaṇce.com" phishing site? Take note of the dot below both n's. Bolded the characters for visibility.

They can buy cheap SSL in some hosting sites pretty easily these days and they can make phishing sites without giving their real information or they can use a whois guard to protect their information and I think they can also make a prepaid VISA or Master card without KYC and use it to buy a domain and hosting with fake info.

I remembered the news before about apple.com that hackers make a domain name the same as apple.com using a Punycode and lots of people victim with this phishing site before.

That is why we always need to keep checking the URL if the character is correct because there are some phishing site URL looks the same as the original site and always make sure that don't use or should not use the same password as you use in your email or don't give your real information without scanning it using virustotal.

You can make your own password database by saving the password on a spreadsheet just to make sure your email and important accounts are safe and always use an updated antivirus like Kaspersky I used this antivirus for how many years it can block all phishing site and it has a Punycode detection so your PC is safe for any malware and viruses but Kaspersky is expensive compared to other antivirus software.

Browsers should highlight "weird" characters in the URL bar, that makes it instantly obvious something fishy is going on.

I advise you to use bookmarks in your browser. This provides additional protection.

I use several e-mails to work with cryptocurrencies. I have a paper notebook in which I keep all passwords and e-mails. Safety is never superfluous. I advise you not to store information on the computer.

You should also use several emails and not have everything connected with your main email account. Your main email account should only be associated with your job, banking, family and close friends.
Everything else you do online like social media, your hobbies, Bitcointalk, bounty hunting etc should be divided with at least one additional email account.

I use 5 accounts:

1. Work related + Banking
2. For personal use, family and friends
3. Only for Bitcointalk
4. Social media
5. Used for registration on sites, downloading, airdrop/bounty related etc.

Well they would use a secure transmission - they don't want other sites to steal the information they are stealing from you.

Yes the op might be correct about his assessment but there are still tons of phishing site that are with out the padlock so the best safety measure is to avoid links from an authorized suspicious person

I never had considered the Padlock Icon as a sign of a website being legit or not. The Padlock Icon is only a sign that the website is operational under the SSL/TLS protocol which means the data you are inputting even though it is encrypted will still be accessed by the one in the receiving end of the website, the only ones who will have a hard time accessing your info are third party users looking to hijack your info from a SSL secured website. There are other obvious ways to detect a phishing website such as looking for trust seals and certifications of reputable clients. Here is the website of footlocker for example, you will see at the bottom of their website the trust seals of both Norton and McAfee which if you click you will find more information about their certification for the website.

This is a sad fact as criminals are getting better at scamming people. But the good thing is even though this common indicators might not be useful anymore we already have other alternatives on detecting a website if it is a phishing site or not. Just like how Chrome have with its extensions, from what I know there are Chrome extensions for detecting a website if it is a phishing site or not and it is really useful for your browser to have such a tool like that especially if you are into visiting a lot of new websites that involves you registering an account.

To be safe, I do not click on any unauthorized link and always bookmark links to sites I visit regularly.
Also have a unique passcode for every sit you use, and let it be distinctly different from your email password.
This is a growing menace as every day we are besieged with new links on the various platforms we frequent, and it's more difficult to check which is and isn't legitimate.
I sometimes don't a Google search to get which link to use.

Source: https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/



Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.

Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar. That’s up from 25 percent just one year ago, and from 35 percent in the second quarter of 2018.

A PhishLabs survey conducted last year found more than 80% of respondents believed the green lock indicated a website was either legitimate and/or safe.
In reality, the https:// part of the address (also called “Secure Sockets Layer” or SSL) merely signifies the data being transmitted back and forth between your browser and the site is encrypted and can’t be read by third parties. The presence of the padlock does not mean the site is legitimate, nor is it any proof the site has been security-hardened against intrusion from hackers.

I found this cleverly crafted page that attempts to phish credentials from users of Bibox. Check the image below and see if you can spot what’s going on with this Web address:




Load the live phishing page at https://www.xn--bbox-vw5a[.]com/login (the link has been hobbled on purpose) in Google Chrome and you’ll get a red “Deceptive Site Ahead” warning. Load the address above — known as “punycode” — in Mozilla Firefox and the page renders just fine, at least as of this writing.

This phishing site takes advantage of internationalized domain names (IDNs) to introduce visual confusion. In this case, the “i” in Bibox.com is rendered as the Vietnamese character “ỉ,” which is extremely difficult to distinguish in a URL address bar.

If you’re a Firefox (or Tor) user and would like Firefox to always render IDNs as their punycode equivalent when displayed in the browser address bar, type “about:config” without the quotes into a Firefox address bar.



Then in the “search:” box type “punycode,” and you should see one or two options there. The one you want is called “network.IDN_show_punycode.” By default, it is set to “false”; double-clicking that entry should change that setting to “true.”


Source: https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/