{"id":1493,"date":"2020-07-02T11:35:50","date_gmt":"2020-07-02T18:35:50","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=1493"},"modified":"2023-09-27T14:17:33","modified_gmt":"2023-09-27T21:17:33","slug":"the-growing-threat-of-phishing-sites-with-ssls","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/the-growing-threat-of-phishing-sites-with-ssls\/","title":{"rendered":"The growing threat of phishing sites with&nbsp;SSLs"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/Cybercriminals-Hide-Malware-Phishing-Sites-Under-SSL-Certificates.png\" alt=\"\" class=\"wp-image-1398\"\/><\/figure>\n\n\n\n<p><pre class=\"wp-block-preformatted\">The unfortunate reality of being an Internet user is that you must be constantly vigilant. Cybercriminals are becoming more sophisticated by the minute, continually coming up with new methods to trick users into handing over their personal information. Phishing is one of them.&nbsp;<br><\/pre><\/p>\n\n\n\n<!--more-->\n\n\n\n<p>In this blog post, we\u2019ll talk about the prevalence of phishing scams online, how malicious actors use SSLs in conjunction with these scams, and how you can prevent being ensnared and having your data compromised.&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is phishing?&nbsp;<\/h2>\n\n\n\n<p>Phishing is an attempt to steal someone\u2019s personal data \u2014 passwords, credit card numbers, or banking details, for example \u2014 by pretending to be a real institution or company. Typically, people are lured to a very authentic-looking but fake site where they are asked to fill in their information and that information is then used for nefarious purposes. 
Phishing can take place over the phone or through text, but it most commonly occurs over email.&nbsp;<br><\/p>\n\n\n\n<p>Phishing is by no means new: the term was <a href=\"https:\/\/www.phishing.org\/history-of-phishing\">first coined in 1996<\/a> and began with an attempt to steal people\u2019s AOL passwords. Now, over two decades later, phishing has become extremely common. Interestingly, although phishing attacks were <a href=\"https:\/\/www.sonicwall.com\/2020-cyber-threat-report\/\">down by 42% in 2019<\/a>, phishing is no less of a threat. It has simply become more targeted, and scammers work harder than ever to convince unsuspecting users that they\u2019re the real deal.&nbsp;<br><\/p>\n\n\n\n<p>Unfortunately, SSL has become part of the ruse.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How cybercriminals use SSL<\/h2>\n\n\n\n<p>A common practice scammers have adopted in the last few years is using SSL certificates on their fake websites. With Google\u2019s push for \u201cHTTPS everywhere\u201d in recent times, HTTPS and SSL certificates have become more widespread across the web. As of June 2020, <a href=\"https:\/\/w3techs.com\/technologies\/details\/ce-httpsdefault\">62.3% of all websites<\/a> use the HTTPS protocol. This is great. According to the most recent Anti-Phishing Working Group (APWG) report, in the first quarter of 2020, <a href=\"https:\/\/docs.apwg.org\/reports\/apwg_trends_report_q1_2020.pdf\">75% of all phishing sites<\/a> used SSL. This is not so great.&nbsp;<br><\/p>\n\n\n\n<p>Scammers know that people are becoming more aware of the importance of HTTPS and now look for signs, such as an address bar padlock, that a website has an <a href=\"https:\/\/www.ssls.com\/blog\/how-ssls-make-transactions-more-secure\/\">SSL certificate<\/a>. However, the fact that a website has an SSL certificate is not enough reason to trust it blindly, particularly if it\u2019s requesting that you hand over personal information. 
Beyond a site just having an SSL certificate, it\u2019s important to check the origin of the SSL, and who it was issued to.&nbsp;<br><\/p>\n\n\n\n<p>We\u2019ve said it before, but it bears repeating:<br><\/p>\n\n\n\n<p>Just because a site has an SSL certificate doesn\u2019t mean it\u2019s safe to use. Your connection to that site is <a href=\"https:\/\/www.ssls.com\/blog\/how-ssls-make-transactions-more-secure\/\">encrypted<\/a> and <a href=\"https:\/\/www.ssls.com\/blog\/how-ssls-make-transactions-more-secure\/\">secure<\/a>, sure. But that doesn\u2019t mean that the content of the site isn\u2019t malicious.\u00a0<br><\/p>\n\n\n\n<p>This is partly why Google has been deprecating many of the former visual indicators of its Chrome browser over the past few years, such as the \u201c<a href=\"https:\/\/blog.chromium.org\/2018\/05\/evolving-chromes-security-indicators.html\">Secure<\/a>\u201d wording in the address bar, as well as the <a href=\"https:\/\/www.ssls.com\/blog\/why-the-green-bar-is-gone-for-good\/\">EV green bar<\/a>. While at first these indicators served as a way of encouraging people to adopt HTTPS on their sites, they can come with the unintended consequence of lulling users into a false sense of safety, especially when scam sites have them.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to protect yourself from phishing scams<\/h2>\n\n\n\n<p>There are a few things you can do to avoid falling prey to a phishing scam:<br><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Check your spam folder settings<\/strong><\/li><\/ol>\n\n\n\n<p>If you\u2019re frequently finding dubious emails in your inbox, it might be a good idea to optimize your spam filter. 
A phishing email can occasionally find its way into your main inbox, but it shouldn\u2019t be a regular occurrence.&nbsp;<br><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Find the real site through Google<\/strong><\/li><\/ol>\n\n\n\n<p>If you get an email requesting private information that claims to be from an e-commerce store, your bank, or credit card company, don\u2019t click on any hyperlinks included in the email. Instead, Google the site in question and log in from there. If any actions are needed from you, the site should inform you once you\u2019re logged into your account. Hover your mouse over the email hyperlink to see the site it links to and compare it to the web address of the real site. Chances are, they\u2019ll be quite different. If you\u2019re still unsure, contact their customer service via official channels to double-check.&nbsp;<br><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Check its SSL certificate details<\/strong><\/li><\/ol>\n\n\n\n<p>If you do end up clicking on a link included in a potentially dodgy email (which we really don\u2019t recommend you do), take a closer look at the SSL certificate. What information can you glean about the person or organization the certificate was issued to? If information is lacking or sounds suspect, don\u2019t proceed.&nbsp;<br><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Pay attention to design<\/strong><\/li><\/ol>\n\n\n\n<p>While scammers are getting better at posing as real institutions, spoof emails and websites are usually a bit \u201coff\u201d in some way. Watch out for misspellings and strangely phrased sentences. A big red flag is if the email begins with \u201cDear customer\u201d instead of your actual name. 
The websites may also have the wrong color scheme or use a grainy, low-quality logo.&nbsp;&nbsp;<br><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>Remember: if an offer sounds too good to be true, it probably is<\/strong><\/li><\/ol>\n\n\n\n<p>As nice as it would be for companies to randomly give you a free iPhone or a $500 gift card, the chances of them doing it are slim, especially through an email with an all-caps subject line.&nbsp;&nbsp;<br><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>NEVER give personal information to or download anything from an unfamiliar site<\/strong><\/li><\/ol>\n\n\n\n<p>This should be implied from the rest of this post, but it bears repeating. If in doubt, don\u2019t give it out.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Wrap up<\/h2>\n\n\n\n<p>It\u2019s an unfortunate reality that sometimes SSL certificates are used to make spoof websites seem more authentic. Hopefully, after reading this article you\u2019re better equipped to recognize phishing attempts when you encounter them and know what to look for when judging the legitimacy of an SSL certificate.<br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The unfortunate reality of being an Internet user is that you must be constantly vigilant. Cybercriminals are becoming more sophisticated by the minute, continually coming up with new methods to trick users into handing over their personal information. 
Phishing is one of them.&nbsp;<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1493","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1493","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=1493"}],"version-history":[{"count":4,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1493\/revisions"}],"predecessor-version":[{"id":2692,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1493\/revisions\/2692"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=1493"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=1493"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=1493"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}