Security News > 2020 > March > US Government Sites Give Bad Security Advice
Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages.
Here's a sobering statistic: According to PhishLabs, by the end of 2019 roughly three-quarters of all phishing sites were using SSL certificates.
"Attackers are using free certificates on phishing sites that they create, and are abusing the encryption already installed on hacked web sites," PhishLabs founder and CTO John LaCour said.
The other reason is that they help phishers better disguise their sites as legitimate, since many Web browsers now throw up security warnings on non-https:// sites.
I should note that this misleading message seems to be present only on some federal government Web sites.
News URL
https://krebsonsecurity.com/2020/03/us-government-sites-give-bad-security-advice/
Related news
- Is Lenovo a blind spot in US anti-China security measures? (source)
- US proposes ban on Chinese, Russian connected car tech over security fears (source)
- Some US Kaspersky customers find their security software replaced by 'UltraAV' (source)
- T-Mobile US to cough up $31.5M after that long string of security SNAFUs (source)