If the padlock sign in your browser gives you a sense of security when you visit a website, you must know that it is false. You are not secure even if a website shows that padlock at the start of its URL.
PhishLabs, the anti-phishing company, has found in a research that 49 percent of all known phishing sites use Secure Sockets Layer Protection (SSL) due to which you get to see the padlock.
However, those sites will still trick you into giving up sensitive information about yourself. The padlock or the SSL protection will just keep the web traffic encrypted.
The number of phishing sites using SSL protection has increased in the third quarter of 2018, as it was 35 percent in the second quarter and was 25 percent a year ago.
PhishLabs maintains that this significant increase is because of the rising attackers and also the response of the existing ones to software decisions.
The statistics show that many phishers are now acquiring web domains and creating SSL certificates for them. The reason behind this tactic can be associated with Google’s initiative to warn Chrome users about non-secure sites.
The attackers may have secured their sites to avoid these alerts. As for tackling this issue, many web browser developers are on it. They have been blocking known phishing sites whether they have SSL protection or not.
Nevertheless, it is quite unlikely that they will catch every site. Therefore, the most effective way to deal with these ‘secure’ phishing websites is to spread awareness and quell the assumptions.
One should always suspect the legitimacy of unprecedented requests for sign-ins and personal information, even if the site seems legit in appearance.