Cyber Actors Exploit ‘Secure’ Websites in Phishing Campaigns

The FBI’s Internet Crime Complaint Center (IC3) has released an alert on Hypertext Transfer Protocol Secure (HTTPS) phishing – a scheme which lures email recipients into visiting malicious websites that look legitimate and secure. More specifically, websites with addresses that start with “https” and with the lock icon are supposed to provide privacy and security to visitors. Unfortunately, cyber criminals are banking on the public’s trust of “https” and the lock icon. According to the IC3, they are more frequently incorporating website certificates – third-party verification that a site is secure – when they send potential victims emails that imitate trustworthy companies or email contacts. To help its partners reduce the likelihood of falling victim to HTTPS phishing, the IC3 offers a series of recommendations and encourages victims to report information concerning suspicious or criminal activity to their local FBI field office and file a complaint with the IC3. Regarding this threat, the NCCIC encourages partners to view its tip on Avoiding Social Engineering and Phishing Attacks. Read the advisory at IC3.