Gone are the days when you could trust all HTTPS sites to be secure, legitimate websites. According to recent studies, 24% of phishing scams in 2017 used web encryption; in 2016, this figure was closer to 3%.
This means more hackers are using ‘HTTPS’ on fraudulent sites to scam users. Why? Putting ‘https’ in a web address makes phishing scams look more authentic, so unsuspecting users are more likely to enter sensitive info on the fraudulent sites.
While this may sound scary, you don’t need to panic. Despite this new trick, most websites with ‘https’ are still safer than unencrypted websites.
What you can do to avoid becoming a victim:
- Be extra cautious with emails asking you to login to an account or verify sensitive info. Scammers use some very convincing tactics, and their emails may look as if they were sent by your bank or an online retailer.
- Avoid clicking any links in emails or online ads, and instead, navigate to websites by typing the web address into your browser or using a previously saved bookmark of the legitimate site.
- Check with an expert. If you’re not sure about an email, check with your IT team before taking any action.