The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns.
As we all know, websites with addresses that start with “https” are supposed to provide privacy and security to visitors. After all, the “s” stands for “secure” in HTTPS: Hypertext Transfer Protocol Secure. Internet users are encouraged to look for the lock icon in the browser address bar, which indicates that the web traffic is encrypted and is widely read as a sign that the website is legitimate, so the visitor can share data safely. However, this exposes them to phishing campaigns in which threat actors set up TLS-secured landing pages that exploit this trust, luring users to attacker-controlled sites and getting them to hand over sensitive personal information.
“They are more frequently incorporating website certificates – third-party verification that a site is secure – when they send potential victims emails that imitate trustworthy companies or email contacts,” the announcement mentioned. These phishing schemes are used to acquire login credentials or other sensitive information by luring victims to a malicious website that looks secure.
In fact, this tactic is not new. A study in November found that nearly half of all phishing sites now deploy Secure Sockets Layer protection, complete with a padlock icon in the browser bar, in an attempt to give people a false sense of protection.
Craig Young, computer security researcher for Tripwire Inc.’s vulnerability and exposure research team, said there’s still no solid solution for helping the general public avoid the problem.
The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office and to file a complaint through the FBI’s website.
Published by Tony Shepherd & last updated on June 17, 2019 2:49 am