FBI Issues Warning on Phishing Emails Containing Fake Secure Websites

The Federal Bureau of Investigation issued a Public Service Announcement notifying the public that nefarious actors are using TLS-secured (Transport Layer Security) websites in phishing campaigns. Internet users have been conditioned to assume “https” sites are legitimate and they look for the padlock near the address bar to confirm session encryption. These phishing campaigns emulate trustworthy companies and use website certificates to create a false sense of security in an attempt to convince users to submit their credentials or other sensitive information on compromised websites. The NJCCIC recommends users refrain from clicking on any embedded links or attachments, downloading any files, or accepting shared folder invitations that come from unsolicited or unexpected emails. Users are advised to verify the legitimacy of a website beyond the use of “https.” We also encourage users to review the NJCCIC products Don’t Take the Bait! Phishing and Other Social Engineering Attacks and Cybersecurity Best Practices for more information on how to keep their accounts and data safe. For further recommendations, read the full BleepingComputer article.