Study: Half of Phishing Websites Use Padlock Security Icon

December 3, 2018

Security system in network

© Yuichiro Chino - Moment/Getty Images

A common piece of cybersecurity advice is to look for the padlock icon to appear in your browser bar when you visit websites. This icon, ostensibly, indicates that the website is secure. But that advice may no longer be fool-proof.

New research from PhishLabs, a digital risk assessment company, shows that about half of all phishing websites use technology that displays the padlock icon to visitors. That’s an added challenge for real estate, which was the second-most targeted industry hit with malware events in the second quarter of 2018, according to a recent report from cybersecurity firm eSentire. Cybercriminals are increasingly attempting to infiltrate your transactions and steal your data.

The “https” protocol in website URLs usually signals that data is encrypted as it travels between browser and website. A poll of web users in December 2017 showed that more than 80 percent of respondents associated the padlock with a website that is either legitimate or safe. “Browser makers are fighting back by working with security firms to identify and block new phishing sites, but some manage to evade being flagged,” TechSpot reports on the findings.” The safest option is to not input your details if you have any suspicions about a website, even if it does have a padlock.”