HTTP stands for hypertext transfer protocol, and it is the foundation of communication for the world wide web. HTTPS is an extension of HTTP. The “s” stands for “secure” and it indicates that data being transferred between your browser and a website is encrypted.
While the presence of https and a padlock symbol does indicate an encrypted connection, it does not necessarily follow that a website is a legitimate site. Websites that are used for phishing and other malicious activities may also use https. Therefore, looking for https and a padlock is not a good way to distinguish a phishing site from a legitimate site.
“Half of All Phishing Sites Now Have the Padlock,” Brian Krebs: