"Volume of HTTPS Phishing Sites Surges 56% Annually"

Security experts at OpenText have warned that websites displaying a padlock in the browser should be treated with caution after revealing a sharp increase in phishing sites using HTTPS. During the study, researchers analyzed data collected from 95 million endpoints and sensors, as well as third-party databases and other resources. The researchers found that the share of phishing sites detected using HTTPS increased from 32% in 2021 to over 49% last year, a rise of nearly 56%.

The researchers noted that many users incorrectly believe that HTTPS sites are "secure" and that the padlock displayed in the browser is evidence that the site is legitimate. Attackers are well aware of this popular perception, so they register domains, acquire certificates, and establish malicious websites using these certificates. The researchers stated that it appears that domain registrars and certificate-issuing authorities are becoming less effective at preventing fraudsters from obtaining and using legitimate certificates to enhance their phishing success rates.

The researchers claimed the ratio of HTTPS to regular HTTP sites increased in 2022. The researchers noted that while the April spike in phishing activity was accompanied by a corresponding drop in HTTPS usage, the October and November increases in phishing activity also saw the year's highest HTTPS adoption rates. This may indicate that during the course of the year, attackers recognized the value in playing on users' perception of HTTPS URLs as secure and started to rely on these URLs over HTTP URLs during periods of peak phishing activity.

 

Infosecurity reports: "Volume of HTTPS Phishing Sites Surges 56% Annually"

Submitted by Anonymous on