Don’t Trust HTTPS

Published On June 13, 2019 | By Tom Huskerson | Now You Know

Cyber crimnals are now using the HTTPS to gain your trust in phishing campaigns. A public service announcement from the FBI is revealing the problem and urging individuals to go beyond simply trusting any HTTPS URL.

Just what is HTTPS? HTTPS is indicated by that lock icon in the address bar. It means you have an encrypted website connection. Once reserved primarily for passwords and other sensitive data, the entire web is slowly moving away from HTTP and switching to HTTPS. HTTP stands for Hyper Text Transfer Protocol. The “S” stands for security. When you see a website with the HTTPS in the URL you know that you are securely connected and your data is encrypted. You’re safe to bank, shop, etc.

Or at least you used to be. According to the FBI and security experts, many people automatically assume that an encrypted site is secure from every sort of security issue. Not so.

The FBI’s PSA reveals that cyber criminals are increasingly deploying website certificates in phishing emails that impersonate known companies and individuals. These emails look legit but actually take the victims to pages that seek sensitive and personal information.

Kevin Bocek, vice president of security strategy and threat intelligence at Venafi explains, “This isn’t new; cyber criminals have been orchestrating these kinds of phishing campaigns for several years. Since 2017, security researchers uncovered over 15,000 certificates containing the word ‘PayPal’ that were being used in attacks. Since then it’s become clear that bad actors have an entire supply chain in place on the dark web to get trustworthy TLS certificates to use in all kinds of malicious attacks.”

The FBI’s PSA doesn’t recommend new technology. Instead they suggest a behavioral defense against these phishing attacks. The Bureau recommends questioning the intent of email messages, confirming the authenticity of messages before divulging sensitive information, looking for mis-spellings or domain inconsistencies, and not automatically trusting a website just because it displays a green lock icon.

Know you know.

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Comments are closed.