Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar.

Brian Krebs on legitimacy.

Spoiler alert: SSL is still a goddamn scam.