FBI issued a warning that threat actors use secure HTTPS websites to trick the users and to acquire sensitive login credentials, banking information and other personal details.
Internet users tend to believe that if the padlock is present “look for the lock,” then the Website is legitimate and safe. However, in reality, the SSL certificates don’t tell you anything about site legitimacy, the SSL/TLS certificates are to encrypt the connection between the browser and the server, which avoids intrusion from hackers.
“Unfortunately, cybercriminals are banking on the public’s trust of “https” and the lock icon. They are more frequently incorporating website certificates—third-party verification that a site is secure—when they send potential victims emails that imitate trustworthy companies or email contacts,” states FBI.