HTTPS Phishing

HTTPS phishing refers to a cyberattack in which the hackers pretend to be a legitimate website, using its HTTPS protocol to trick users into sharing private information. The data inputted by the unsuspecting user is directly recorded and sent to the hackers instead.

Examples of HTTPS phishing

  • Online banking: Hackers can use HTTPS to replicate a bank’s online login page. The victims unwittingly submit their sensitive data, such as login details, so the fraudsters can collect them to use later.
  • E-commerce fraud: Here, the hackers set up a fake e-commerce site using HTTPS. The unsuspecting users submit their payment information, unknowingly feeding them to the attackers.

Pros and cons of HTTPS phishing (for hackers)


  • Efficacy: Because there is a padlock present, the users do not question whether or not the site is legit. Which makes this a very efficient and successful mode of phishing.
  • Data interception: The hackers can intercept private user data such as personal identifiers, login credentials and credit card information. 


  • Detection: The latest web browsers and cybersecurity tools are better equipped at identifying phishing attempts, even the ones masquerading as HTTPS websites. 
  • Implementation complexity: The process of setting up a legitimate HTTPS phishing platform calls for a lot of expertise in comparison to regular HTTP attacks.

Avoiding HTTPS phishing

  • Confirm the site’s URL: Before visiting any websites, ensure the URL is the same as the website you wish to visit. A phishing scam can have similar-looking URLs, but close inspection will reveal the trick. 
  • Install reputable security tools: Ensure you install premium cybersecurity tools that can help you detect and block phishing attempts. 
  • Trust but verify: It is important to note that phishing websites can be quite convincing and, as such, can fool even the most careful users. We urge you always to confirm that the site is legitimate; even if you see the padlock icon, it is not guaranteed.