There has been a steady increase in HTTPS phishing websites over the past couple of years, mirroring the transition from HTTP to HTTPS on commercial websites. HTTPS sites are those that have SSL/TLS certificates and display a green padlock next to the URL. The green padlock is an indicator of site security. It confirms to website visitors that the connection between their browser and the website is encrypted. This provides protection against man-in-the-middle attacks by ensuring data sent from the browser to the website cannot be intercepted and viewed by third parties.
HTTPS websites are now used by a large number of businesses, especially e-commerce website owners. This has become increasingly important since search engines such as Google Chrome provide clear indications to Internet users that sites may not be secure if the connection is not encrypted.
This is all good of course, but there is one caveat. Users have been told to look for the green padlock to make sure a site is secure, but the green padlock is viewed by many Internet users as a sign that the site is secure and legitimate. While the former is true, the latter is not. The green padlock does not mean that the site is genuine and just because it is displayed next to the URL it does not mean the site is safe.
If the website is controlled by a cybercriminal, all the green padlock means is that other cybercriminals will not be able to intercept data. Any information entered on the website will be divulged to the criminal operating that site.
It stands to reason for HTTPS phishing websites to be used. If Internet users are aware that HTTPS means insecure, they will be less likely to enter sensitive information if the green padlock is not present. Unfortunately, free SSL certificates can easily be obtained to turn HTTP sites into HTTPS phishing websites.
According to PhishLabs, back in Q1, 2016, fewer than 5% of phishing websites used HTTPS. By Q3, 2016, the percentage started to rise sharply. By Q1, 2017, the percentage had almost reached 10%, and by Q3, 2017, a quarter of phishing websites were using HTTPS. The 30% milestone was passed around Q1, 2018, and at the end of Q3, 2018, 49% of all phishing sites were using HTTPS.
A PhishLabs survey conducted late last year clearly highlighted the lack of understanding of the meaning of the green padlock. 63% of consumers surveyed viewed the green padlock as meaning the website was legitimate, and 72% saw the website as being safe. Only 18% of respondents correctly identified the green padlock as only meaning communications with the website were encrypted.
It is important for all Internet users to understand that HTTPS phishing websites not only exist, but before long the majority of phishing websites will be on HTTPS and displaying the green padlock. A conversation about the true meaning of HTTPS is long overdue and it is certainly something that should be covered in security awareness training sessions.
It is also now important for businesses to deploy a web filtering solution that is capable of SSL inspection – The decryption, scanning, and re-encryption of HTTPS traffic to ensure that access to these malicious websites is blocked. In addition to reading content and assessing websites to determine whether they are malicious, SSL inspection ensures site content can be categorized correctly. This ensures that sites that violate a company’s acceptable usage policies are blocked.
There is a downside to using SSL inspection, and that is the strain placed on CPUs and a reduction in Internet speeds. SSL inspection is therefore optional with many advanced web filters. To ensure that the strain is reduced, IT teams should use whitelisting to prevent commonly used websites from being subjected to SSL filtering.
WebTitan Includes SSL Filtering to Block HTTPS Phishing Websites
WebTitan is a powerful web filtering solution for SMBs and managed service providers (MSPs) that provides protection against web-based threats. There are three products in the WebTitan family – WebTitan Gateway, WebTitan Cloud, and WebTitan Cloud for Wi-Fi; all of which include SSL filtering as standard. If SSL filtering is activated, users will be protected against HTTPS phishing websites and other malicious sites that have SSL certificates.
All WebTitan products can be installed in minutes, require no technical knowledge, and have been designed to be easy to use. An intuitive user interface places all information, settings, and reports at users’ fingertips which makes for easy enforcement of acceptable Internet usage polices and fast reporting to identify potential issues – employees browsing habits and users that are attempting to bypass filtering controls for instance.
Whether you are an MSP that wants to start offering web filtering to your clients or a SMB owner that wants greater protection against web-based threats, the WebTitan suite of products will provide all the features you need and will allow you to improve security and employee productivity, reduce legal liability, and create a safe browsing environment for all users of your wired and wireless networks.
For further information on WebTitan, details of pricing, web filtering advice, to book a product demonstration, or to register for a free trial of the product, contact TitanHQ today.