Cybercriminals Use Green Padlock Icon to Trick Victims

  • The green padlock icon has been associated with security for quite some time.
  • Although Google has abandoned it for its Chrome browser, the icon continues to be considered an indicator of safety.

Criminals are exploiting this belief and branding fraudulent sites with the green padlock icon.

What is the green padlock icon?

The green padlock indicates that the data exchanged with the website in question is encrypted.

  • The icon signals encryption only; its presence does not mean that the site displaying it is secure.
  • Even when you see the icon, it is good practice to check the address bar for misspellings of a legitimate website's name, to tell whether you are on a phishing site.

What is happening?

With criminals looking for new ways to convince victims to click on phishing links, the use of the green padlock icon has shot up.

The availability of free certificate services has made this quite easy, especially during the holiday season, when scams are on the rise along with sales and promotional emails.

“The bad actors are getting these phishing domains and registering them. Then they are standing up phishing sites on those domains that are essentially clones of the various e-commerce sites to fool the end user into believing they're on a legitimate e-commerce site,” say security experts.

How you can stay safe

Companies and individuals must do their part to stay protected from this type of fraud.

  • For individuals, the most basic thing to do would be to avoid clicking on suspicious links, especially those that seem too good to be true.
  • Organizations can add a layer of security by scanning for suspicious domains and filtering them out before the employees have a chance to access them.
  • Researchers also recommend monitoring the behavior of password managers. If a password manager refuses to provide saved credentials for a site, this may be an indication that the site is not legitimate.
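
The domain scanning suggested for organizations above, together with the address-bar check for misspelled names, can be sketched as a lookalike filter. This is an added example, not code from the article; the protected-domain list, the observed-domain sample, the confusable-character map and all function names are constructed assumptions.

```python
import unicodedata

# Assumption: brand domains to protect (constructed list, not from the article).
PROTECTED = ("amazon.com", "paypal.com")

# Characters commonly swapped into lookalike names: digits and Cyrillic letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p"})

def skeleton(label):
    """Decode punycode, strip accents and fold confusable characters."""
    if label.startswith("xn--"):
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            pass  # malformed punycode: compare the raw label instead
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(c for c in label if not unicodedata.combining(c))
    return label.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(domain):
    """Return the protected domain this name imitates, or None."""
    domain = domain.lower().rstrip(".")
    if any(domain == p or domain.endswith("." + p) for p in PROTECTED):
        return None  # the real site or one of its subdomains
    # Every label except the TLD, split on hyphens ("amazon-deals" -> amazon, deals).
    tokens = [t for label in domain.split(".")[:-1] for t in skeleton(label).split("-")]
    for brand in PROTECTED:
        name = skeleton(brand.split(".")[0])
        if any(edit_distance(t, name) <= 1 for t in tokens):
            return brand
    return None

# Constructed sample of newly observed domains (e.g. from proxy or DNS logs).
OBSERVED = ["www.amazon.com", "arnazon-deals.shop", "paypa1.com", "amzaon.net",
            "p\u0430ypal.com".encode("idna").decode(), "paypal.com.login.example",
            "example.org"]

if __name__ == "__main__":
    for d in OBSERVED:
        print(f"{d:32} {lookalike_of(d) or 'ok'}")
```

A valid certificate and padlock play no part in the verdict, since any of these lookalike names can obtain one. The allowlist must contain every domain the brand really owns, and a distance threshold of 1 will produce false positives for short brand names.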