That's right! That green "trusty" padlock you see right next to the browser's address bar can no longer be trusted. As reported by KrebsonSecurity, new research indicates that half of all phishing sites hosted now include the padlock and begins with "https://".
A live Paypal phishing site that uses https:// (has the green padlock). (Image provided by KrebsonSecurity)
An anti-phishing company PhishLabs recently showed data that 49 percent of all phishing sites in the Q3 of 2018 now have the padlock security icon as displayed in the browser's address bar. Just one year ago, the percentage was at 25 percent, and just 35 percent in Q2 of 2018.
The https:// part of the address pretty much says that the data being transmitted back and forth between one's browser and the site is encrypted and cannot be read by third parties. However, the presence of this padlock does not mean that the site is legit, nor is it proof that such site is security-bound against intruders.
To read more on this issue, please see this article on KrebonSecurity.
Keep your data and yourself safe.