By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns. Internet users are accustomed by now to always look at the padlock next to the web browser's address bar to check if the current page is served by a website secured using a TLS certificate. Users also look for after landing on a website is the "https" protocol designation in front of the hostname which is another hint of a domain being "secure" and the web traffic is encrypted. However, this exposes them to phishing campaigns designed by threat actors to use TLS-secure landing pages which exploit the users' trust to deceive them into trusting attacker-controlled sites and handing over sensitive personal information. "They are more frequently incorporating website certificates—third-party verification that a site is secure—when they send potential victims emails that imitate trustworthy companies or email contacts, " as the FBI says in the PSA. "These phishing schemes are used to acquire sensitive logins or other information by luring them to a malicious website that looks secure." While in a lot of cases bad actors will get their own SSL certificates to secure pages used in their campaigns to try and trick their targets, there is also a lot of them who just abuse pages hosted on cloud services which automatically inherit the certificates. For instance, during the last two months, crooks have been observed while hosting malware and command-and-control servers on Microsoft’s Azure cloud services as well as websites used to deliver tech support scams. Get better informed by visiting OUR FORUM.

 

Translate