The FBI has warned Internet users not to blindly trust websites just because they have an HTTPS certificate and the green padlock: cyber criminals are increasingly using HTTPS on new phishing sites to assure users that such sites are safe to visit when they are not.
Domain-spoofing is among the most severe cyber threats of our time, affecting organisations, governments, and individuals alike. Malicious URLs that mimic genuine ones not only help criminals obtain the login details and personal and financial information of millions of people, but also help them spread fake news and disinformation to create panic and alarm.
In domain-spoofing, cyber criminals register phishing sites that mimic the domains of popular, legitimate organisations and businesses, then induce people to enter their personal and financial information into these sites so that it can be stolen.
The regularity with which cyber criminals resort to domain-spoofing can be gauged by the fact that in 2018 alone, HM Revenue and Customs (HMRC) removed as many as 20,750 malicious websites, many of which spoofed government sites, including HMRC itself, to defraud taxpayers into revealing their financial information.
One of the main indicators of a domain-spoofing website or phishing site is the lack of a security certificate, which indicates that information entered on the website can easily be viewed or stolen by third parties. Most websites that are served over plain HTTP or lack the green padlock are said to be insecure or to be used by hackers to capture visitors' details.
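Since the FBI warning means the padlock alone says nothing about who operates a site, a defender can check the hostname itself against the domains an organisation actually owns. The sketch below is an added example, not code from the article or the FBI; the trusted domains, the confusable-character table and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the organisation really owns (assumption).
TRUSTED = ("example-bank.com", "tax.example.gov")
# Small, illustrative table of character swaps used in lookalike names.
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def skeleton(name):
    """Fold visually confusable characters to one canonical form."""
    for src, dst in CONFUSABLE:
        name = name.replace(src, dst)
    return name

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, matched_domain). The URL scheme is never consulted."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    labels = host.split(".")
    for good in TRUSTED:
        # Trusted name embedded as a subdomain of somebody else's domain.
        if "." + good + "." in "." + host + ".":
            return ("lookalike", good)
        # Any label suffix that is, after folding, within one edit of a trusted name.
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if edit_distance(skeleton(candidate), skeleton(good)) <= 1:
                return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample URLs; every one of them is served over HTTPS.
    for url in ("https://www.example-bank.com/login",
                "https://examp1e-bank.com/login",
                "https://example-bank.com.secure-login.net/",
                "https://weather.example.org/"):
        print(url, "->", classify(url))
```

The verdict depends only on the hostname, so a lookalike served over HTTPS with a valid certificate is flagged exactly as it would be over plain HTTP.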