Blog

Phishing alert: scammers now use encryption

Just when you thought cyber criminals couldn’t get smarter, along comes a new scamming technique. Previously used for safeguarding browsing activity, encryption tools are now used by hackers in carrying out phishing scams. This means some fraudulent sites may have HTTPS on their address, giving users a false sense of security.

How hackers use encryption to carry out phishing scams

According to recent research, 24% of phishing scams in 2017 use web encryption — an astounding increase from last year’s 3%. This means more HTTPS sites may not be truly safe.

Phishing scammers rely on their victims to do what they ask, which is why it’s so effective. And with this new trick, unsuspecting users are more likely to be deceived. What makes this encryption-aided scam even more effective — and dangerous — is that it makes hackers’ phishing email or text that much more authentic-looking.

For example, if you receive an email that purports to be from Amazon and includes a link to an encrypted site, there’s now a slightly higher chance you’d believe this email is the real deal. Clearly, if you’ve never purchased anything from Amazon, you’d know that this is a fake. But then again, there are millions of Amazon customers who could be misled into thinking that that email is legitimate.

Does encryption mean a safer internet?

With organizations like the Internet Security Research Group and Google promoting encryption, the world wide web should be a safer place, but that’s not necessarily the case. In fact, encrypting more legitimate websites could simply result in an increased number of encrypted phishing sites.

It may also be useful to know that not all phishing sites use encryption. Many phishing scams are still carried out using websites that may or may not be encrypted.

What you can do to ensure safety

This isn’t meant to cause panic, and despite this new phishing tactic, encryption is still an essential security tool that every business must implement.

Websites with HTTPS are still much safer than unencrypted ones. This is why it’s more important than ever to be vigilant when visiting suspicious sites and clicking on links. If you receive an email from PayPal asking you to verify your bank account details or password to a seemingly secure link, be wary. Some phishing scams are easy to detect, but some are not.

Practice extreme caution when responding to requests for sensitive data. Consider the source of the message, think before clicking, and don’t hesitate to seek the advice of an expert in case you have doubts. Phishers succeed only if you do what they ask you to do.

Phishing and other cyber scams are constantly getting upgrades, and no single solution can prevent hackers from attacking you. But your business could be much safer with the right cyber security protections in place. If this is exactly what you need, get in touch with our cyber security technicians.

Published with permission from TechAdvisory.org. Source.

Share this article:

Get Your IT Checkup

This is a no-pressure, 30-minute session with a Stringfellow business technology advisor—designed to give you immediate value whether you work with us or not. 

What You’ll Walk Away With:

  • A Digital Maturity Score – Quickly understand where your business stands across cloud, security, and tech leverage.
  • An Honest IT Impact Evaluation – Is your current setup helping, neutral, or hurting your growth?
  • Actionable Technology Wins – Immediate, business-focused recommendations to improve performance and reduce risk.

Glenn Harris

Head of Sales

Glenn Harris

Glenn leads our efforts in delivering HealthSafeIT and ProSafeIT to growing businesses looking to expand their operations and achieve success.

Categories

Contact Us To Learn More

Would you like to get in touch to learn more about our proven approach to managed IT services?

Fill out the form below and let’s connect.

"*" indicates required fields

Name*
Stay in the loop! Check this box to receive occasional updates and offers via SMS (optional).
This field is for validation purposes and should be left unchanged.