Itpa webheader

Phishing sites using HTTPS to trick users

By Dylan Bushell-Embling
Monday, 14 October, 2019

Phishing sites using HTTPS to trick users

Nearly one-third (29%) of phishing web pages are now using HTTPS encryption to impart unsuspecting visitors with a false sense of security, according to research from Webroot.

In addition, nearly a quarter (24%) of malicious URLs discovered during the half-year period were found to be hosted on trusted domains.

The security company’s latest Threat Report, covering the first half of 2019, found that phishing attacks are also becoming more sophisticated and personalised as more private information is harvested from breaches.

Attackers are increasingly using compromised accounts to send extortion emails claiming the user has been caught doing something embarrassing or damaging that will be shared with colleagues and family unless a ransom is paid.

Phishing attacks are also increasingly targeting secret questions and their answers as well as just usernames and passwords.

During the first half of the year, phishing attacks continued to grow rapidly, with a 400% increase in malicious URLs discovered.

The top industries impersonated in phishing attacks include SaaS or webmail providers (25%), financial institutions (19%), social media companies (16%), retail brands (14%), file hosting companies (11%) and payment services companies (8%).

Meanwhile, 1 in 50 URLs analysed for the research were found to be malicious — a worrying figure considering that 33% of office workers state they click more than 25 work-related links per day.

“We are beginning to see hackers create more personalised phishing emails using data gathered in recent massive breaches, as well as the use of HTTPS and trusted domains to seem more legitimate. These tactics take advantage of familiarity and context, and result in unwarranted trust,” Webroot Senior Threat Research Analyst Tyler Moffitt said.

“Businesses and consumers need to be aware of and continually educate themselves about these evolving methods and risks to protect their data and devices.”

Image credit: ©

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to

Related Articles

Australia faces risk of 'leakware' attacks

A cybersecurity expert is warning Australian councils and governments to be wary of an emerging...

E-waste disposal — the other data security threat?

It's important that IT professionals and organisations put in place policies for the safe...

Getting to grips with privacy obligations

At this month's ITPA Breakfast Briefing, a panel of experts canvassed the pros and cons of,...

  • All content Copyright © 2019 Westwick-Farrow Pty Ltd