Hackers new tactic: Phishing attacks using HTTPS domains

by Derek Kortepeter
Sept. 1, 2017 2 comments TechGenix Encryption & Authentication phishing social engineering

The entire InfoSec community, including myself, has been vocal about the necessity of switching websites to the HTTPS protocol. It appears, however, that hackers utilizing social engineering methods like phishing have found a way to use this to their advantage. As reported by Anna Shirokova and Ivan Nikolaev of the CISCO Talos team, there has been an uptick in “domains being used for phishing, as well as by scammers offering fake technical support and by advertisers promoting products of questionable quality.” The difference from previous instances of such attacks, which are quite commonplace, is that these domains are able to give the semblance of HTTPS via appearance of the green padlock next to the malicious URL. To some, the green padlock is all that is needed for reassurance that the web domain they are visiting is secure. While HTTPS is without a doubt able to be trusted in the proper context due to its encryption protocols, it is not a magic bullet protection from scammers a...

http://techgenix.com/phishing-attacks-use-https-domains

Avatar
2flash 4 months, 3 weeks ago

Well written! I am happy how the author is exposing this new phishing tactic and creates awareness!

Reply
Avatar
Steven Ulm 4 months, 3 weeks ago

Phishing using HTTPS ? This is completely crazy.... I am wondering what else they will "invent"...

Reply