HTTPS is no longer secure: even hackers use it
Navigating the Internet is becoming more and more complicated and it is sometimes difficult to see scams coming. However, the HTTPS protocol helps us -in theory- to know if a site is very reliable or not. By taking a look at the URL address of a site, this acronym tells us that the connection is very secure between you and the servers of the Web page. On Chrome (or a real browser), you even have a little padlock that appears in front of the domain name, so you feel like nothing can happen to you. Conversely, if you try to go to a page that is not secure, you are warned that you are almost trying to cross the gates of hell. The importance of this HTTPS is such that even Google penalizes sites that do not comply with the standard by not showing them at the top of search results. However, today it is also the prerogative of hackers.
HTTPS: the safe hack
If there is one quality that we can praise in our enemies the scammers, it is this extraordinary ability to adapt to new cybernetic environments. Give them HTTPS and they get to use it to make you dive into their nets. You see the protocol in a web address, you lower your vigilance and there you are, the victim of a zealous hacker who has done his job very well. He simply installed a Secure Socket Layer (SSL) certificate on his phishing site and gave him a semblance of credibility. As long as the site is clean and built with seriousness, you will not see any difference with a legitimate one.
This is one of the new methods used by cybercriminals who trick you into directing you, through fraudulent e-mails, to sites that look less and less like scams. Thus, as usual, we try to extract information from you (all kinds of codes, personal data, bank account number, etc.), but we do it in a proper and conscientious manner. So, faced with so much demonic ingenuity, how not to fall into the trap?
The HTTPS acronym is no longer a guarantee of security for a website 👇https://t.co/zsl6HDgHOx
— Numerama (@Numerama) May 1, 2022
Time to check verification
It is true that if HTTPS is no longer a guarantee of security, we wonder how we can not succumb to the endless appetite of hackers to undermine our innocence. Our colleagues from Numerama asked Arnaud Lemaire, technical director of the cybersecurity company F5, on the subject. The latter has a first radical recommendation that calls for perpetual caution :
Never click on the link embedded in an email. We draw a line on the instantaneous side, but it is always better to go to the site from a browser and look for the information on your account yourself rather than fall into the trap.
In order to comfort paranoid people who will end up canceling their Internet subscriptions, he also reminds us that even official sites can be infected :
The attacker will attempt to retrieve content from a third-party data provider using cookies, such as an advertiser.
He therefore recommends making a Google search on the term before even entering a page that seems suspicious to you. The latter do not want to be referenced and prefer to operate in the shadow of e-mails.
First, they are generally ephemeral platforms linked to a campaign. Then the companies that the attackers want to usurp track down the scams. The group subscribes to a security service that will detect and alert the browser to the existence of this danger.
” Caution is the mother of safety and that’s even truer when you’re surfing the web, even if it makes us sound like your grandmothers. For even more security, you can use a VPN since this type of software allows you to encrypt your traffic without having to rely on an external certificate. Afterwards, it is useless if you obediently enter your credit card number in a fraudulent page…
