Over half of phishing websites detected in the first quarter of 2019 used HTTPS. This is a trend that kept growing since mid-2016. HTTPS is designed to protect user privacy by encrypting the traffic between a website and the browser. It started as a defense against snooping traffic on pages with forms for sensitive information (payment card details, logins) and soon became a communication standard for the entire website. Impersonating an HTTPS website is virtually impossible now without a TLS certificate.
Source: https://www.bleepingcomputer.com/news/security/phishing-websites-increase-adoption-of-https/

