Any website that begins HTTPS is secure, right? If that padlock icon is there, along with the S, you’re safe, right? Maybe.
The Internet Crime Complaint Center (IC3) issued a warning about HTTPS phishing today and we all need to take heed. Hackers are impersonating legitimate HTTPS sites, complete with third-party SSL security certificates, to make these sites look legitimate. The problem is, they may not be and if you enter your credentials into one of these hacker sites, you could expose your account.
This is a tricky one, as it requires even more vigilance than a simple email phish. A successful HTTPS phish could be very damaging.
Please review the IC3 alert here. Also, please review Cybersecurity and Infrastructure Security Agency (CISA) tips on Avoiding Social Engineering and Phishing Attacks. Both links contain useful information and reminders that you should share with your teams.