Phishing sites using HTTPS to trick users


By Dylan Bushell-Embling
Monday, 14 October, 2019



Nearly one-third (29%) of phishing web pages are now using HTTPS encryption to give unsuspecting visitors a false sense of security, according to research from Webroot.

In addition, nearly a quarter (24%) of malicious URLs discovered during the half-year period were found to be hosted on trusted domains.

The security company’s latest Threat Report, covering the first half of 2019, found that phishing attacks are also becoming more sophisticated and personalised as more private information is harvested from breaches.

Attackers are increasingly using compromised accounts to send extortion emails claiming the user has been caught doing something embarrassing or damaging that will be shared with colleagues and family unless a ransom is paid.

Phishing attacks are also increasingly targeting secret questions and their answers, in addition to usernames and passwords.

During the first half of the year, phishing attacks continued to grow rapidly, with a 400% increase in malicious URLs discovered.

The top industries impersonated in phishing attacks include SaaS or webmail providers (25%), financial institutions (19%), social media companies (16%), retail brands (14%), file hosting companies (11%) and payment services companies (8%).

Meanwhile, 1 in 50 URLs analysed for the research were found to be malicious — a worrying figure considering that 33% of office workers state they click more than 25 work-related links per day.

“We are beginning to see hackers create more personalised phishing emails using data gathered in recent massive breaches, as well as the use of HTTPS and trusted domains to seem more legitimate. These tactics take advantage of familiarity and context, and result in unwarranted trust,” Webroot Senior Threat Research Analyst Tyler Moffitt said.

“Businesses and consumers need to be aware of and continually educate themselves about these evolving methods and risks to protect their data and devices.”

Image credit: ©stock.adobe.com/au/monsitj

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
