CAs issue SSL certificates to the owners of fake domains used in phishing against well-known online stores and banks.
In just one month, attackers were able to obtain the official security padlock for hundreds of fake websites aimed at banks and other companies. When such certificates are issued, the checks are minimal, if they exist at all.
As practice shows, in August 2015 many certificates were issued that were associated with PayPal, Halifax Bank and others. These certificates were issued by CloudFlare, Symantec and GoDaddy.
Customers are taught to look for a padlock in the browser before sending valuable information, such as credit card numbers and passwords, to a website. However, the padlock being displayed does not mean that the site can be trusted, or that it belongs to a trusted organization.
There are many fake sites, and they use look-alike domains. They usually look quite credible, differing from the real domain by only a few letters. Fraudsters can easily obtain a DV (domain-validated) SSL certificate without going through any further checks.
Comodo offers free 90-day certificates, which are often used in phishing attacks. Symantec also offers free 30-day certificates through its GeoTrust brand. A short validity period is a perfect gift for scammers running phishing attacks, since a phishing site rarely needs to live longer than that.
Let’s Encrypt already offers free, automatically issued DV certificates. Fake SSL certificates are nothing new, but price competition between certification authorities is driving the level of certificate checks down while the number of phishing sites keeps rising. As a result, Internet users are at high risk.
A CA simply checks whether you really own the domain name. Some do not even check whether the domain could be used for other purposes. And how would you know in advance whether a domain will be used in a phishing attack? You cannot. All this makes identifying phishing sites harder, so the problem remains relevant.
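Since the certificate itself tells a defender nothing beyond domain control, one practical check is to watch newly issued certificate names for the "differs by a few letters" pattern the article describes. The following is an added example, not code from the original article: it flags names that imitate a monitored brand (PayPal and Halifax are used here only because the article mentions them) using edit distance and substring matching over a constructed list of certificate DNS names, such as one might read from Certificate Transparency logs.

```python
import re

# Brands to monitor and their legitimate domains (example values, assumed here).
BRANDS = {"paypal": "paypal.com", "halifax": "halifax.co.uk"}

# Constructed sample of subject alternative names; not real observations.
SAMPLE_NAMES = [
    "www.paypal.com",
    "secure-paypa1.com",
    "paypal-login.example.net",
    "www.halifax.co.uk",
    "halifax-online.example.org",
    "login.hal1fax.example.com",
    "example.com",
]


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(name, brands=BRANDS, max_distance=1):
    """Return the brand a certificate name imitates, or None.

    The brand's own domain and its subdomains are never flagged. Any other
    name with a label within max_distance edits of a brand, or containing
    the brand string outright, is treated as a lookalike.
    """
    host = name.lower().rstrip(".")
    if any(host == legit or host.endswith("." + legit) for legit in brands.values()):
        return None
    labels = re.split(r"[.-]", host)
    for brand in brands:
        for label in labels:
            if brand in label or levenshtein(label, brand) <= max_distance:
                return brand
    return None


def flag_names(names):
    """Map each suspicious certificate name to the brand it imitates."""
    flagged = {}
    for name in names:
        brand = lookalike_brand(name)
        if brand:
            flagged[name] = brand
    return flagged
```

Legitimate names are excluded by an explicit allow-list rather than by any property of the certificate, which is the point of the article: a DV certificate on a lookalike domain is indistinguishable from a DV certificate on the real one.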