Skip to main content
banner image
venafi logo

FBI Warns Users about Phishing Campaigns that Leverage HTTPS Websites

FBI Warns Users about Phishing Campaigns that Leverage HTTPS Websites

https phishing, tls certificate, phishing scam
June 18, 2019 | David Bisson


The Federal Bureau of Investigation (FBI) is warning users to be on the lookout for phishing campaigns that leverage websites protected by HTTPS.


On 10 June, the FBI’s Internet Crime Complaint Center (IC3) issued a public service announcement about what it calls “HTTPS phishing.” These attacks largely function like other phishing operations in that they redirect users to unfamiliar URLs in an attempt to steal individuals’ login credentials, payment card details, personal data and other information. But these campaigns differ in that they use “HTTPS” and a lock icon in the address bar. Doing so helps lull users into a false sense of security so that they’ll feel safe enough to share their data.


The FBI’s announcement might make HTTPS phishing sound like a new attack technique. But it’s not. Venafi senior threat intelligence researcher Jing Xie explains:


“We know that bad actors are actively using TLS certificates to persuade Internet users to willingly click on malicious websites. For example, Venafi research recently discovered an explosion in the number of potentially fraudulent retail domains. All these malicious pages used a trusted TLS certificate in order to be compliant with browser standards to appear safe and trustworthy. This tactic effectively encourages online shoppers who could unknowingly provide sensitive account information and payment data.”



Even worse, recent research from PhishLabs suggests that digital attackers are increasingly using TLS certificates to incorporate HTTPS into their attacks. The digital security services provider found that fraudsters hosted 25 percent of phishing attacks on HTTPS domains near the end of 2017. Within a year, that percentage jumped up to 49 percent.


Attackers get these TLS certificates from a variety of sources. Some obtain original TLS certificates for lookalike or typo-squatting domains designed to impersonate legitimate web services. But others have relied on stolen and abused SSL/TLS certificates.


This latter tactic makes sense to Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, given a recent scan of underground Internet marketplaces:


“We found definitive evidence of TLS certificates for sale on the dark web. While personal data like Social Security numbers can sell for as little as $1 on the dark web, SSL/TLS certificates that deliver high levels of trust routinely sell over a thousand dollars. These certificates allow attackers to disguise all kinds of malicious activities and remain undetected by most security controls.” 


In response to these growing attacks, the FBI recommends in its announcement that users protect themselves by carefully scrutinizing suspicious emails based upon their content, calling a sender to confirm that a suspicious email received from them is legitimate, analyzing emails for misspellings or wrong domains and exercising caution around unfamiliar websites, even if they include “HTTPS” and the lock icon in the address bar. If users come across anything suspicious, the FBI encourages them to submit a complaint with its IC3 at


Beyond these measures, organizations can help stem the tide of HTTPS phishing by making sure their encryption keys and certificates are safe from attackers. The only way they can do this is by using a centralized machine identity management solution to gain visibility over all of their certificates. This solution should, in turn, help monitor these encryption assets for signs of abuse.



Like this blog? We think you will love this.
Featured Blog

What Is IP Spoofing?

What is IP Spoofing?

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

David Bisson
David Bisson

David is a Contributing Editor at IBM Security Intelligence.David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more