Netcraft researchers report that the number of phishing sites using HTTPS has increased since January when a new feature was introduced in Mozilla Firefox and Google Chrome browsers. Thanks to this feature, the two browsers display warnings when an HTTP website contains a password field in an attempt to protect users from man-in-the-middle attacks.
The Increase in HTTPS Phishing Sites Explained
The warning should also encourage these websites to switch to HTTPS when dealing with sensitive data such as usernames and passwords.
These warnings displayed by the popular browsers could affect many phishing sites, since most of them use HTTP connections. However, scammers appear to be well aware of this: the researchers report a dramatic increase in the number of phishing pages served over HTTPS. This change in the behavior of the browsers may have actually made phishing more effective:
If the new browser behaviour has driven this change — and the timing suggests it might have — then it may have also had the unintended side effect of increasing the efficacy of some phishing sites. Phishing sites that now use HTTPS and valid third-party certificates can appear more legitimate, and therefore increase the likelihood of snaring a victim.
Another plausible explanation is that many legitimate websites have switched to HTTPS in response to the browser changes. “Phishing sites are often hosted on compromised websites, and so this would naturally cause the number of HTTPS phishing sites to increase accordingly; or it could be that some fraudsters are now targeting HTTPS websites in preference to HTTP sites,” the researchers explain.
Even though the majority of phishing sites still use HTTP, a threefold increase in HTTPS phishing sites in just a few months shouldn’t be neglected. Nonetheless, HTTP phishing sites could still succeed, as not all browsers have the feature introduced in Firefox and Chrome. More specifically, neither Internet Explorer nor Edge display such warnings.
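The browser heuristic described at the start of the article (warn when a page served over HTTP contains a password field) is simple enough to reproduce in a triage script, which is useful when sorting reported phishing URLs by whether the browser warning would ever have fired. The following is an added example, not code from Netcraft or from the browsers; it goes one step beyond the article by also flagging a password form on an HTTPS page whose action submits over plain HTTP, which is an assumption about how a careful check would generalise rather than something the article states. All URLs and HTML snippets are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _LoginFormScanner(HTMLParser):
    """Collects, for every password input, the absolute URL its form submits to."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_stack = []        # action URLs of the currently open <form> tags
        self.password_targets = []  # one entry per <input type="password">

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page itself.
            self.form_stack.append(urljoin(self.page_url, a.get("action") or ""))
        elif tag == "input" and (a.get("type") or "text").lower() == "password":
            target = self.form_stack[-1] if self.form_stack else self.page_url
            self.password_targets.append(target)

    def handle_endtag(self, tag):
        if tag == "form" and self.form_stack:
            self.form_stack.pop()


def assess_login_page(url, html):
    """Mirror the browser check: would Firefox/Chrome-style warnings apply here?

    page_https            -- the page itself was fetched over HTTPS
    password_fields       -- number of password inputs found
    insecure_submit_targets -- form targets that are not HTTPS (assumed extra check)
    browser_warning       -- True when a password field sits on an HTTP page,
                             or (added generalisation) submits to an HTTP target
    """
    scanner = _LoginFormScanner(url)
    scanner.feed(html)
    page_https = urlparse(url).scheme == "https"
    insecure = [t for t in scanner.password_targets if urlparse(t).scheme != "https"]
    return {
        "page_https": page_https,
        "password_fields": len(scanner.password_targets),
        "insecure_submit_targets": insecure,
        "browser_warning": bool(scanner.password_targets) and (not page_https or bool(insecure)),
    }


# Constructed sample pages (hypothetical .test domains, not real sites).
SAMPLE_PAGES = {
    "http_login": (
        "http://login.example.test/",
        '<form action="/session"><input name="u"><input type="password" name="p"></form>',
    ),
    "https_login": (
        "https://login.example.test/",
        '<form action="/session"><input type="password" name="p"></form>',
    ),
    "https_page_http_post": (
        "https://login.example.test/",
        '<form action="http://collector.example.test/post"><input type="PASSWORD" name="p"></form>',
    ),
    "no_password": (
        "http://news.example.test/",
        '<form action="/search"><input name="q"></form>',
    ),
}


def summarise(pages):
    """Count how many reported pages use HTTPS and how many would trigger a warning."""
    results = {name: assess_login_page(url, html) for name, (url, html) in pages.items()}
    return {
        "total": len(results),
        "https_pages": sum(r["page_https"] for r in results.values()),
        "warned": sum(r["browser_warning"] for r in results.values()),
    }


if __name__ == "__main__":
    for name, (url, html) in SAMPLE_PAGES.items():
        print(name, assess_login_page(url, html))
    print(summarise(SAMPLE_PAGES))
```

The point of running this over a batch of reported phishing URLs is the one the article makes: an HTTPS phishing page with a valid certificate produces no warning at all, so the "warned" count only tells you which sites the browser would have flagged, not which ones are legitimate.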