How encrypted sites are used to legitimize phishing scams

It was reported yesterday that the phishing research and defence firm PhishLabs published new analysis showing that phishers have been adopting HTTPS more and more often on their sites. When you get a phishing email or text, the sites they lead to—that try to trick you into entering credentials, personal information, and so on—implement web encryption about 24 percent of the time now, PhishLabs found.

http://brn.firetrench.com

Commenting on this, Tim Helming, director of product management at DomainTools said:

“While the change to encryption doesn’t have a significant impact on the operations of these phishing sites–they’re not likely to be subject to attempted man-in-the-middle attacks very often–it is a relatively easy way for them to look just a bit more legitimate. Consumers have become accustomed to looking for https, or the padlock icon, when connecting to e-commerce and other sites that handle sensitive data. This helps the phishers bypass one of the layers of scrutiny that more and more consumers apply to sites they visit.”