The 2nd quarter phishing activity trends report published by the anti-phishing working group (APWG) has reported a jump in the number of phishing attacks using encryption to fool victims.

As per the APWG report, 35% of phishing attacks in the second quarter of 2018 were hosted on websites with HTTPS and SSL certificate. This number was less than 5% in the last quarter of 2016.

Why are phishing attacks using encryption?

What’s the benefit of  using the HTTPS encryption protocol?

The ‘S’ at the end of the HTTPS stands for ‘Secure’. Connecting to a website over HTTPS is considered as being highly secure; all communications between the browser and the website are securely encrypted so that they cannot be read by a third party.  So, phishing attacks using encryption, or to say, having a HTTPS designation:

  • makes the phishing website feel more legitimate and thus increases the possibility of a successful phish; and
  • it frees the phishing website of negative browser indicators.

“The presence of padlock,” writes Brian Krebs, “does not mean that the site is legitimate, nor is it any proof that the site is security-hardened against intrusion from hackers.”

The best defense is to NOT to click on any links that arrive in your inbox. Try to reach the website directly in a separate window. DON’T just look for the lock- Make it a habit to check the URL in the address bar before you provide any sensitive personal information to a website.

What is phishing? 

Phishing is the fraudulent process of attempting to acquire sensitive information such as account usernames or passwords, Social Security numbers, and credit card details by masquerading as a trusted entity in an electronic communication – usually an email.

A “phisher” would send you an email pretending to be from a trustworthy person or business in an attempt to lure you to an official-looking [fake] website where you’ll be asked to enter personal information.

This information can then be used to commit crimes such as making fraudulent credit card purchases, withdrawing money from your accounts and even stealing your identity.


  1. Fight Phishing by emPower eLearning Solutions
  2. Phishing Activity Trends Report, 2nd Quarter 2018
  3. Half of all Phishing Sites Now Have the Padlock