As the world continues to deal with the COVID – 19 pandemic, many of us are finding ourselves working from home and maybe even going a little stir-crazy. Everyone has worked hard, even before most of the shelter-in-place orders, to ensure a large percentage of our workforce could work from home. While many of us have been blessed with the ability to realize a solution to keep going, we must also remain aware that cybercriminals are now going after remote employees through enhanced phishing techniques. A large percentage of these phishing attempts can be blocked at a corporate firewall, but some will ultimately make it through to the end user.
Cybercriminals are sending emails with screenshots to sites that look legitimate or embedding links to such sites. Some of the correspondence is attempting to make the site look genuine by acquiring a security certificate. However, anyone can acquire a certificate. Several of us have been told that if a website address starts off with https://, the s at the end of the http signifies the site is secure. This, however, does not mean the site is not malicious in nature. A site with an https:// does not provide any guarantees that the site is actually legitimate! Some of these websites even have a “This site is secure” statement. Specifically, it says, “The https:// ensures that you are connecting to the official website….”
Here’s the deal: The https:// part of an address (also called “Secure Sockets Layer” or SSL) merely indicates the data being transmitted between your browser and the site is encrypted and cannot be read by a third party.
However, the presence of “https://” or a padlock in the browser address bar does not mean the site is legitimate, nor is it proof the site has been secured against intrusion from hackers.
In other words, while readers should never transmit sensitive information to a site that does not use https://, the presence of this security feature tells you nothing about the trustworthiness of the website in question.
Here’s a sobering statistic: According to PhishLabs, by the end of 2019, roughly three-quarters (74 percent) of all phishing sites were using SSL certificates. PhishLabs found this percentage increased from 68% in Q3 and 54% in Q2 of 2019.
As stated before, anyone can acquire a security certificate and use https://. Always make sure a site is legitimate prior to accessing. Cybercriminals are becoming more sophisticated each day in their attempts to trick individuals into taking some type of bait such as clicking on a link, inputting private information into a request form, or entering a malicious site made to appear completely secure and legitimate. DO NOT FALL FOR THESE ATTEMPTS!
As always, thanks for reading and stay safe and secure!