Fake Websites Snag Real SSL Certificates for Phishing Scams

A UK-based internet services company has discovered hundreds of SSL certificates issued to fraudulent domains impersonating popular websites to target victims in phishing attacks.

Web-monitoring and internet services company Netcraft has pointed the finger at Comodo, GoDaddy, Symantec and other certificate authorities for issuing SSL certificates to fraudulent domains and websites.

The fraudsters have created several faux websites replicating banks and financial websites, according to Netcraft. The targeted domains include companies like PayPal and banks such as Bank of America as well as Halifax and NatWest in the UK.

The Need for SSL Certificates

Secure Sockets Layer or SSL certificates are essentially data files that verify secure connections established between the user and the domain, or the browser and the web server, respectively. Casual users of the internet routinely see a green padlock icon at the beginning of the web address and deem the website safe to use, even more so when making an online purchase or using the internet for financial transactions.

Speaking about the padlock icon that most internet users deem to be trustworthy, Netcraft adds:

“While the reality is more nuanced, the data submitted to a phishing site using TLS is protected from eavesdroppers. However, a displayed padlock alone does not imply that a site using TLS can be trusted, or is operated by a legitimate organization.”

However, Netcraft discovered that despite stringent industry requirements that specify vetting of requests from domains for SSL certificates, the fraudsters have obtained them for domains such as:

  • com (SSL issued by Comodo)
  • com (SSL issued by GoDaddy)
  • Halifaxonline-uk.com (SSL issued by GlobalSign)
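
An added example, not from Netcraft or the original article: a defender-side triage that flags certificate hostnames which embed a watched brand name but do not sit under a domain that brand operates. The watchlist domains and every sample hostname other than Halifaxonline-uk.com are assumptions constructed for illustration.

```python
import re

# Assumed watchlist: brand keyword -> domains that brand really operates.
WATCHLIST = {
    "paypal": ("paypal.com",),
    "halifax": ("halifax.co.uk",),
    "natwest": ("natwest.com",),
    "bankofamerica": ("bankofamerica.com",),
}
# Digit-for-letter swaps commonly seen in lookalike names.
LOOKALIKES = str.maketrans("01345", "oleas")

def owned_by(host, domains):
    """True if host is one of the brand's domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def impersonated_brands(cert_name):
    """Return the watched brands a certificate hostname imitates."""
    host = cert_name.lower().rstrip(".")
    if host.startswith("*."):          # wildcard SAN entry
        host = host[2:]
    # Drop dots and hyphens, then undo digit swaps, so "pay-pa1" reads "paypal".
    squashed = re.sub(r"[^a-z0-9]", "", host).translate(LOOKALIKES)
    return sorted(
        brand for brand, domains in WATCHLIST.items()
        if brand in squashed and not owned_by(host, domains)
    )

def triage(cert_names):
    """Map each suspicious certificate hostname to the brands it imitates."""
    hits = {}
    for name in cert_names:
        brands = impersonated_brands(name)
        if brands:
            hits[name] = brands
    return hits

# Constructed sample of certificate hostnames, as a certificate feed might list them.
SAMPLE = [
    "Halifaxonline-uk.com",            # named in the article
    "www.paypal.com",                  # legitimate subdomain, not flagged
    "paypa1-secure-login.example",     # constructed
    "*.nat-west.example",              # constructed
    "blog.example.org",                # constructed
]

if __name__ == "__main__":
    for name, brands in triage(SAMPLE).items():
        print(f"{name}: imitates {', '.join(brands)}")
```

A hit means the name deserves review, not that the site is a confirmed phishing page; substring matching will also flag unrelated names that happen to contain a brand keyword.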


As it turns out, the company issuing the largest number of SSL certificates used in phishing attacks is CloudFlare, accounting for 40% of the total number from August 2015 alone. Netcraft notes that CloudFlare is particularly appealing to fraudsters because a service called ‘Flexible SSL’ provides the padlock icon without requiring the domain's hosts to set up SSL on their web server.

Moreover, CloudFlare also provides free ‘Universal SSL,’ making it a favorite among fraudsters for obvious reasons. Comodo is responsible for providing 37% of the certificates, just behind CloudFlare, while Symantec and GoDaddy are responsible for 9% each.