Your IT Consultant

Don’t Always Trust HTTPS Websites with a Green Padlock

June 13, 2019

Secure internet connections are a good thing. In fact, browsers are starting to penalize sites that don’t use secure connections. At some point, you won’t even be able to access the website unless there is a secure encrypted https connection. However, don’t think you are safe just because there is a padlock indicating a secure connection. The FBI issued a warning that the bad guys are using secure https websites as destinations for their phishing campaigns hoping users will just click away and give up their credentials.

Just because a site uses https doesn’t mean it is a safe site. Attackers are using valid services such as Microsoft Azure Custom Domain Name registrations to host what are effectively fully credentialed phishing sites. In the warning, the FBI recommends checking for misspellings in domain names. You should also be wary of any link you receive in an email and make sure you have MFA (Multi-factor Authentication) enabled. Another item to add to our cybersecurity training presentations.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com