The FBI issued a public service announcement reminding people that the lock on the website (HTTPS) doesn’t always mean you are secure. It is just one more visual to look for, but bad actors also use HTTPS sites.
HTTPS stands for Hypertext Transfer Protocol Secure. In most browsers you can see the website URL as being https:// or http://. The Secure piece means the web traffic is encrypted.
However, bad actors can set up a HTTPS website and gain a TLS certificate almost as easily as the good guys. (TLS = Transport Layer Security) The certificate is an added layer of security that keeps traffic in motion between two sites secure. However, if the bad actor set up the website in the first place, then none of that security matters.
The FBI is warning people to watch for any unusual website redirects.
For more information, check out this article on the Bleeping Computer. https://www.bleepingcomputer.com/news/security/fbi-issues-warning-on-secure-websites-used-for-phishing/ This article was brought to our attention by the Cybersecurity Collaborative’s Morning Security Report.