Criminals Hide Fraud Behind the Green Lock Icon

Criminals are using free certificate services to apply real security certs to fraudulent sites - and to take advantage of victims looking for surfing safety.


The "green lock" icon, long read by consumers as a sign of safe browsing, is becoming a trap for the unwary. Google has already dropped the green treatment from Chrome's address bar, and the lock is an increasingly unreliable indicator of safety precisely because it is now near-universal: it confirms only that the connection is encrypted and that the certificate matches the domain in the address bar, not who controls that domain.


In its "State of E-Commerce Phishing" report for 2019, NormShield found that the number of potential phishing domains registered in 2019 was up 11% over 2018, while the number of those domains carrying valid TLS certificates more than tripled over the same period.


"Year over year, month over month, phishing is becoming more prevalent," says Bob Maley, NormShield's CSO. "The bad actors are getting these phishing domains and registering them. Then they are standing up phishing sites on those domains that are essentially clones of the various e-commerce sites to fool the end user into believing they're on a legitimate e-commerce site."


Part of that camouflage is the lock icon, which users read as a mark of legitimacy when it signals only encryption. The problem grew out of products and services built to make it easier for small organizations to protect their websites: free, automated certificate authorities such as Let's Encrypt issue domain-validated certificates, which prove nothing more than that the requester controls the domain. A phishing domain the criminal registered passes that check exactly as a small business's domain does, so the cloned site gets the same encryption and the same lock.


At this time of year, especially, researchers see an increase in criminals registering typo-squatting and phishing domains that are a single character different from a legitimate domain, Maley says. ..
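The single-character domains Maley describes are cheap to enumerate from the defender's side, which is how brand-protection and SOC teams catch them in new-registration or certificate-transparency feeds. The following is an added example, not code from the article or from NormShield: it generates every registrable label one edit away from a brand domain (substitution, deletion, insertion, adjacent transposition; the TLD is held fixed, and homoglyph/IDN tricks are out of scope) and flags candidate domains that match. The brand domain and candidate list are constructed for the demo.

```python
# Added example: enumerate single-edit typosquat variants of a brand domain
# and flag candidates that match. Brand and candidates below are constructed
# for illustration; they are not real phishing domains.
import string

# Characters allowed in a DNS label (lower-case, LDH rule).
ALPHABET = string.ascii_lowercase + string.digits + "-"


def split_domain(domain):
    """Split 'brand.com' into ('brand', 'com'). Assumes a single-label TLD;
    multi-label suffixes such as 'co.uk' would need a public-suffix list."""
    label, _, tld = domain.lower().rpartition(".")
    return label, tld


def single_edit_variants(domain):
    """Return the set of domains whose label differs from `domain` by exactly
    one substitution, deletion, insertion or adjacent transposition.
    The original domain is excluded; labels that would start or end with a
    hyphen (invalid in DNS) are dropped."""
    label, tld = split_domain(domain)
    n = len(label)
    variants = set()

    # Substitution: one character replaced (covers fat-finger and 0/o, 1/l swaps).
    for i in range(n):
        for c in ALPHABET:
            if c != label[i]:
                variants.add(label[:i] + c + label[i + 1:])

    # Deletion: one character dropped.
    for i in range(n):
        variants.add(label[:i] + label[i + 1:])

    # Insertion: one character added anywhere, including both ends.
    for i in range(n + 1):
        for c in ALPHABET:
            variants.add(label[:i] + c + label[i:])

    # Transposition: two adjacent characters swapped.
    for i in range(n - 1):
        if label[i] != label[i + 1]:
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])

    return {
        v + "." + tld
        for v in variants
        if v and v != label and not v.startswith("-") and not v.endswith("-")
    }


def flag_typosquats(brand_domains, candidates):
    """Map each candidate domain that is one edit away from a protected brand
    domain to that brand. Candidates are normalised to lower case."""
    lookup = {}
    for brand in brand_domains:
        for v in single_edit_variants(brand):
            lookup.setdefault(v, brand.lower())
    hits = {}
    for cand in candidates:
        key = cand.lower().rstrip(".")
        if key in lookup:
            hits[key] = lookup[key]
    return hits


if __name__ == "__main__":
    # Constructed sample: one protected brand, a handful of "newly seen" domains
    # as they might arrive from a certificate-transparency or WHOIS feed.
    brands = ["shopexample.com"]
    seen = [
        "shopexampel.com",        # transposition
        "sh0pexample.com",        # substitution, o -> 0
        "shopexamples.com",       # insertion
        "shopexample.com",        # the brand itself, must not be flagged
        "totally-different.com",  # unrelated
        "shopexample.net",        # TLD swap, out of scope for this check
    ]
    for domain, brand in sorted(flag_typosquats(brands, seen).items()):
        print(f"{domain:24s} -> one edit from {brand}")
```

In practice the candidate list is the day's new registrations or newly logged certificates; because a domain-validated certificate is issued the moment the registrant proves control, a hit from this check on a fresh certificate is worth triaging before the site goes live. Extending the check to a public-suffix list and to TLD substitutions is straightforward; homoglyph detection needs a separate confusables table.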
