Nearly half of phishing sites now use SSL.
Google has led a big push in recent years to get all websites to use Secure Sockets Layer (SSL). You know a site uses it when it starts with https:// instead of http:// and the browser shows a padlock next to the URL.
People have been trained to look for sites that are secure but this has created a false sense of security. According to new research from PhishLabs, half of all phishing sites detected last quarter used SSL.
SSL merely means that the data sent between you and the website operator is encrypted. So if you send data to a phisher using SSL, congratulations…you just securely sent your data to a criminal.
Perhaps this false sense of security is why Google is starting to downgrade the positive designations it uses in Chrome to identify sites using SSL. It no longer shows a green padlock with “Secure” next to the URL. It’s just a gray padlock. Eventually, sites with SSL will show no designation in Chrome; sites without it will show “Not Secure”: