Half of Phishing Sites Display Padlocks

Half of Phishing Sites Display Padlocks
Many internet users fall victim to scammers because they believe the padlock icon means a site is genuine.

(CCM) — Many internet users around the world are falling for scams on phishing sites which display a padlock icon. They wrongly assuming that the padlock guarantees that a site is genuine, even though this is not the case.

In fact the padlock icon merely indicates that communication between the user's browser and the web site is encrypted by a secure protocol called https, so that any data exchanged cannot be read or modified by a third party.

Scammers have picked up on the fact that many users misunderstand the meaning of the padlock icon and have begun to use https on their phishing sites. Data from a security company called PhishLabs found that 49% of scam sites use https, up from 35% at the end of the last quarter and 25% one year ago, according to a Techspot report.

The criminals may have unwittingly been assisted by Google, because its Chrome browser displays the words "Not Secure" on sites that have not implemented https and still use the unencrypted http protocol in an effort to boost the adoption of https.

A survey carried out by PhishLabs last year found that more than 80% of internet users think that the padlock icon proves that a web site is legitimate and safe.

Image: © triocean - Shutterstock.com