Security Experts:

Connect with us

Hi, what are you looking for?



Number of Phishing Sites Using HTTPS Soars

The number of phishing websites using HTTPS has increased considerably over the past few months since Firefox and Chrome have started warning users when they access login pages that are not secure.

The number of phishing websites using HTTPS has increased considerably over the past few months since Firefox and Chrome have started warning users when they access login pages that are not secure.

Internet security services firm Netcraft reported on Wednesday that, since late January, the proportion of phishing sites using HTTPS increased from roughly 5% to 15%.

One explanation for the rise is that, in late January, both Google and Mozilla implemented HTTP warnings in their Chrome and Firefox web browsers in an effort to protect their customers against man-in-the-middle (MitM) attacks.

Users of Chrome 56 and later, and Firefox 51 and later are warned when they are about to enter their credentials on a login page that does not use HTTPS. Since most phishing sites had been served over HTTP connections, cybercriminals may have realized that they need to step up their game and move to HTTPS.

“If the new browser behaviour has driven this change — and the timing suggests it might have — then it may have also had the unintended side effect of increasing the efficacy of some phishing sites,” explained Netcraft’s Paul Mutton. “Phishing sites that now use HTTPS and valid third-party certificates can appear more legitimate, and therefore increase the likelihood of snaring a victim.”

Phishing sites using HTTPS

Another possible explanation, according to the expert, is that the warnings introduced by Google and Mozilla encouraged website administrators to migrate to HTTPS. Since phishing pages are often hosted on legitimate sites that have been compromised, this may have also been a factor in the significant increase of phishing sites using HTTPS.

On the other hand, Mutton pointed out that some popular browsers, such as Microsoft’s Edge and Internet Explorer, don’t display any warnings for login pages, which means phishing sites served over HTTP will still be efficient in many cases.

Cybercriminals have been coming up with clever ways to phish users’ credentials. One recent campaign aimed at Google customers leveraged a fake Google Docs application. Google quickly killed the operation, but the incident showed that malicious actors continue to improve their methods.

Related Reading: Cybercriminals Use New Tricks in Phishing Attacks

Related Reading: Google Tightens OAuth Rules to Combat Phishing

Related Reading: Tracking Pixels Used in Phishing Campaigns

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...