Half of all Phishing Sites Now Have the Padlock Sign

[Pmalek]

Source: https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/



Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.

Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar. That’s up from 25 percent just one year ago, and from 35 percent in the second quarter of 2018.

A PhishLabs survey conducted last year found more than 80% of respondents believed the green lock indicated a website was either legitimate and/or safe.
In reality, the https:// part of the address (also called “Secure Sockets Layer” or SSL) merely signifies the data being transmitted back and forth between your browser and the site is encrypted and can’t be read by third parties. The presence of the padlock does not mean the site is legitimate, nor is it any proof the site has been security-hardened against intrusion from hackers.

I found this cleverly crafted page that attempts to phish credentials from users of Bibox. Check the image below and see if you can spot what’s going on with this Web address:

Look carefully at the URL in the address bar, and you’ll notice a squiggly mark over the “i” in Bibox.
This is an internationalized domain name, and the real address is https://www.xn--bbox-vw5a[.]com/login

Load the live phishing page at https://www.xn--bbox-vw5a[.]com/login (the link has been hobbled on purpose) in Google Chrome and you’ll get a red “Deceptive Site Ahead” warning. Load the address above — known as “punycode” — in Mozilla Firefox and the page renders just fine, at least as of this writing.

This phishing site takes advantage of internationalized domain names (IDNs) to introduce visual confusion. In this case, the “i” in Bibox.com is rendered as the Vietnamese character “ỉ,” which is extremely difficult to distinguish in a URL address bar.

If you’re a Firefox (or Tor) user and would like Firefox to always render IDNs as their punycode equivalent when displayed in the browser address bar, type “about:config” without the quotes into a Firefox address bar.



Then in the “search:” box type “punycode,” and you should see one or two options there. The one you want is called “network.IDN_show_punycode.” By default, it is set to “false”; double-clicking that entry should change that setting to “true.”


Source: https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/

[1715166984]

1715166984

[1715166984]

1715166984

[1715166984]

1715166984

[1715166984]

1715166984

[Upgrade00]

To be safe, I do not click on any unauthorized link and always bookmark links to sites I visit regularly.
Also have a unique passcode for every sit you use, and let it be distinctly different from your email password.
This is a growing menace as every day we are besieged with new links on the various platforms we frequent, and it's more difficult to check which is and isn't legitimate.
I sometimes don't a Google search to get which link to use.

[Harlot]

This is a sad fact as criminals are getting better at scamming people. But the good thing is even though this common indicators might not be useful anymore we already have other alternatives on detecting a website if it is a phishing site or not. Just like how Chrome have with its extensions, from what I know there are Chrome extensions for detecting a website if it is a phishing site or not and it is really useful for your browser to have such a tool like that especially if you are into visiting a lot of new websites that involves you registering an account.

[Theb]

I never had considered the Padlock Icon as a sign of a website being legit or not. The Padlock Icon is only a sign that the website is operational under the SSL/TLS protocol which means the data you are inputting even though it is encrypted will still be accessed by the one in the receiving end of the website, the only ones who will have a hard time accessing your info are third party users looking to hijack your info from a SSL secured website. There are other obvious ways to detect a phishing website such as looking for trust seals and certifications of reputable clients. Here is the website of footlocker for example, you will see at the bottom of their website the trust seals of both Norton and McAfee which if you click you will find more information about their certification for the website.

[Dreamace7]

Yes the op might be correct about his assessment but there are still tons of phishing site that are with out the padlock so the best safety measure is to avoid links from an authorized suspicious person

[Jet Cash]

Well they would use a secure transmission - they don't want other sites to steal the information they are stealing from you.

[Pmalek]

Also have a unique passcode for every sit you use, and let it be distinctly different from your email password.

You should also use several emails and not have everything connected with your main email account. Your main email account should only be associated with your job, banking, family and close friends.
Everything else you do online like social media, your hobbies, Bitcointalk, bounty hunting etc should be divided with at least one additional email account.

I use 5 accounts:

1. Work related + Banking
2. For personal use, family and friends
3. Only for Bitcointalk
4. Social media
5. Used for registration on sites, downloading, airdrop/bounty related etc.

[madnessteat]

I advise you to use bookmarks in your browser. This provides additional protection.

I use several e-mails to work with cryptocurrencies. I have a paper notebook in which I keep all passwords and e-mails. Safety is never superfluous. I advise you not to store information on the computer.

[LoyceMobile]

Browsers should highlight "weird" characters in the URL bar, that makes it instantly obvious something fishy is going on.

[BitMaxz]

They can buy cheap SSL in some hosting sites pretty easily these days and they can make phishing sites without giving their real information or they can use a whois guard to protect their information and I think they can also make a prepaid VISA or Master card without KYC and use it to buy a domain and hosting with fake info.

I remembered the news before about apple.com that hackers make a domain name the same as apple.com using a Punycode and lots of people victim with this phishing site before.

That is why we always need to keep checking the URL if the character is correct because there are some phishing site URL looks the same as the original site and always make sure that don't use or should not use the same password as you use in your email or don't give your real information without scanning it using virustotal.

You can make your own password database by saving the password on a spreadsheet just to make sure your email and important accounts are safe and always use an updated antivirus like Kaspersky I used this antivirus for how many years it can block all phishing site and it has a Punycode detection so your PC is safe for any malware and viruses but Kaspersky is expensive compared to other antivirus software.

[mk4]

They can buy cheap SSL in some hosting sites pretty easily these days and they can make phishing sites without giving their real information or they can use a whois guard to protect their information and I think they can also make a prepaid VISA or Master card without KYC and use it to buy a domain and hosting with fake info.

You can even get free SSLs via Let's Encrypt and via Cloudflare; without any KYC whatsoever. People are completely underestimating how easy to get SSLs are.

Browsers should highlight "weird" characters in the URL bar, that makes it instantly obvious something fishy is going on.

Indeed. Remember the "biṇaṇce.com" phishing site? Take note of the dot below both n's. Bolded the characters for visibility.

[Xiaolongnu]

That's why i always spellcheck the website address. The alphabet have many look like same but in fact they are different, as you give example for "i" and "ỉ" in Vietnamese. I make a search, have some results that you must be careful and check it when you visit a website.

in English	in Vietnamese
a	á, â, ấ, ầ, ạ, ậ, ă, ặ, ắ, ằ, à
i	í, ì, ị, ỉ
u	ư, ú, ù, ụ, ứ, ự, ừ
e	ê, é, ẹ, è, ế, ệ, ề
o	ọ, ó, ò, ơ, ợ, ợ, ớ, ờ

"i" and "j" are two character need to be checked because it looks like same

[mk4]

That's why i always spellcheck the website address. The alphabet have many look like same but in fact they are different, as you give example for "i" and "ỉ" in Vietnamese. I make a search, have some results that you must be careful and check it when you visit a website.

Or better yet, type the URL manually on your address bar, or bookmark the link on your browser. It's a lot safer that way. and if you're visiting a site for the first time that you've Googled, don't click on the advertisement. Most of the time these types of phishing links are spread through search engine ads.

[jseverson]

I sometimes don't a Google search to get which link to use.

You should never do that lmao that's just bad practice nowadays.

If people must insist on doing something of the sort, Duckduckgo is a lot cleaner and advertised sites at the top seem to be easier to distinguish than Google's. I wouldn't recommend using it for obscure services though, or even at all. The safest way is still to type the URL out on your own. Even bookmarks, however unlikely, could theoretically be compromised by malware.

[DdmrDdmr]

Recently, my local ISP has added an anti-phishing service implicitly to my home network and mobile devices, and it has given me an alert when attempting to access the site referenced in the OP. Nevertheless, I will not rely fully on this feature, since phishing sites crop-up really fast and I fear they may not be detected promptly enough in all cases by my ISP.

While looking into it, I came across a report on phishing that shows the extent of the matter (see http://docs.apwg.org/reports/apwg_trends_report_q2_2018.pdf). The report gives us the following summary of facts for Q2 2018 (I have not located a Q3 report):
-   35% of attacks has https and ssl certificates (a bit less that stated in the OP -> different studies I guess). The report includes a chart showing a near to exponential increase on phishing attacks on https hosted sites since 2015.

-   In June 2018, there were 51,401 unique detected phishing sites (100K in April 2018).

-   June 2018 seemed to have 90.882 active email phishing campaigns.

-   During June 2018, at least 227 brands were targeted by phishing alt sites.

-   Phishing attacks target primarily the Payment industry (36%), SSAS/Webmail (21%), Financial Institutions (16%),  Cloud Storage/File Hosting (9%), Social Media (4%), and Others (14%).

 Makes on tremble …

[Pmalek]

I have a paper notebook in which I keep all passwords and e-mails.

What if your paper notebook gets stolen, catches fire or gets destroyed by water?
Do you have another copy or an encrypted digital copy someplace safe?

[Pmalek]

Bump since phishing is a constant treat in the crypto sphere.

[flameone]

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”.

I am using https://transparencyreport.google.com/safe-browsing/search to check web site safety. Hope google service will be useful for other people.

[Johnzky]

I advise you to use bookmarks in your browser. This provides additional protection.

I use several e-mails to work with cryptocurrencies. I have a paper notebook in which I keep all passwords and e-mails. Safety is never superfluous. I advise you not to store information on the computer.

Yups having bookmarks each site that you think are helpful is another form of security to prevent becoming a victim of phishing sites..thats what i always do whenever theres a sites that attracted my views

Though theres this thread i am using to take more precautions

https://bitcointalk.org/index.php?topic=4264404.0

[jademaxsuy]

Having padlocks doesn't mean it's safe from phishing. As long as there's a fill up form you won't know your safe as long as you fill up that form and input what is stated in the fill up form. Some fill up forms is working as it should be but the fill up form is also coded (HTML) to send the information that is submitted in the form. You may have finished signing up but the site owner also receive your information which is why having bookmarks to the sites you regularly access will keep you from phishing scheme. To be honest, I've been phished before but it's not about bitcoin, it's about a game I played before and fallen into a phishing site. Just make sure you add it on your adblocker if you found a phishing site to avoid it in the future.