Phishing Sites Go HTTPS In Response to Chrome, Firefox New Feature

Phishing Sites Go HTTPS In Response to Chrome, Firefox New Feature

Netcraft researchers report that the number of phishing sites using HTTPS has increased since January when a new feature was introduced in Mozilla Firefox and Google Chrome browsers. Thanks to this feature, the two browsers display warnings when an HTTP website contains a password field in an attempt to protect users from man-in-the-middle attacks.

Related Story: Which Is the Most Secure Browser for 2017 – Firefox, Chrome, Internet Explorer, Safari

The Increase in HTTPS Phishing Sites Explained

The warning should also encourage these websites to switch to HTTPS when dealing with sensitive data such as usernames and passwords.

These warnings displayed by the popular browsers could affect many phishing sites, since most of them use HTTP connections. However, it appears that scammers know that perfectly well as there has been a dramatic increase in the quantity of phishing pages running HTTPS, the researchers say. This change in the behavior of the browsers may have actually made phishing more efficient:

If the new browser behaviour has driven this change — and the timing suggests it might have — then it may have also had the unintended side effect of increasing the efficacy of some phishing sites. Phishing sites that now use HTTPS and valid third-party certificates can appear more legitimate, and therefore increase the likelihood of snaring a victim.

Another theory that makes sense is that many legitimate websites have switched to HTTPS in accordance with the browsers. “Phishing sites are often hosted on compromised websites, and so this would naturally cause the number of HTTPS phishing sites to increase accordingly; or it could be that some fraudsters are now targeting HTTPS websites in preference to HTTP sites,” the researchers explain.

Related Story: The Brands Mostly Affected by Phishing and Domain Spoofing

Even though the majority of phishing sites still use HTTPS, the threefold increase in HTTPS in just a few months shouldn’t be neglected. Nonetheless, unsecured phishing sites could still be successful in their phishing attempts as not all browsers have the feature introduced in Firefox and Chrome. More specifically, neither Internet Explorer nor Edge display such warnings.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.