Phishing attacks exploit HTTPS, warns FBI
- Updated at March 19, 2021
- By Gatefy
- Blog, Security News
You know HTTPS and the lock symbol that appear in your browser when you surf the internet, the ones many people say ensure your security and privacy? The story isn’t always quite like that. The FBI issued an alert stating that cybercriminals have taken advantage of the false sense of security provided by HTTPS and the lock icon to run new phishing scams, increasing the number of victims.
“The presence of “https” and the lock icon are supposed to indicate the web traffic is encrypted and that visitors can share data safely. Unfortunately, cyber criminals are banking on the public’s trust of “https” and the lock icon”, explains the warning.
Actually, this isn’t a new scam. For quite some time, crooks have been using HTTPS as a trick to fool more people. Because many users still believe that HTTPS guarantees a website is legitimate, they end up falling for the fraud.
“They (cybercriminals) are more frequently incorporating website certificates — third-party verification that a site is secure — when they send potential victims emails that imitate trustworthy companies or email contacts.
These phishing schemes are used to acquire sensitive logins or other information by luring them to a malicious website that looks secure”, points out the FBI.
Recommendations to fight phishing
In the announcement, the FBI makes recommendations so you can protect yourself against phishing attacks that use HTTPS. We’ve added a few more tips so that you and your company can prevent different forms of phishing scams. Here they are:
- Keep your systems up to date.
- Be suspicious of unexpected emails.
- Don’t believe in super fantastic deals.
- Always check the sender email address.
- Check the message content.
- Don’t click on suspicious links and attachments.
- In the FBI’s words, don’t “trust the website just because it has a lock icon or “https” in the browser address bar”.