Reminder: That Padlock Doesn’t Mean It’s Secure

Reminder: That Padlock Doesn’t Mean It’s Secure We’ve mentioned this before, but the misconception has surfaced again, and it’s worth mentioning again. Looking for the padlock as a sign of a secure legitimate website isn’t an accurate indication that a site is malware free. Recent research indicates that nearly half of all phishing sites display the padlock and a web address that begins with https. Data from PhishLabs show that 49% of all phishing sites in third quarter 2018 had the lock icon. This is up 25% from a year ago. Since a majority of users take “look for the lock” to heart, this new finding is significant. 80% of the respondents to a PhishLabs survey believed the lock indicated a legitimate and safe website. Remind Employees, That Padlock Doesn’t Mean It’s Secure Remind employees that the https portion of the address signifies that the data being transmitted is encrypted and so can’t be read by third parties. The padlock itself signifies nothing more than this. Its appearance may mean nothing more than that criminals are just lending some bogus credibility to their site. John LaCour, chief technology officer for PhishLabs, said, “The bottom line is that the presence or lack of SSL doesn’t tell you anything about a site’s legitimacy.” More: https://blog.knowbe4.com/reminder-that-padlock-doesnt-mean-its-secure