Once recommended as a sign of online safety, data suggests that around half of all phishing websites in Q3 2018 boasted the SSL padlock security icon next to its domain name, an increase of 35% over Q2. A likely reason for the increase is that users strongly associate the icon with legitimacy and safety (over 80% of one survey conducted in 2017). The padlock (Secure Sockets Layer/SSL), however, merely indicates that the data transmitted back and forth from site to browser is encrypted, protecting it against third party access.
Source: Half of all Phishing Sites Now Have the Padlock — Krebs on Security
