In one month certificate authorities have hundreds of SSL certificates issued for misleading domain names used in phishing attacks. Therefore appears inside the browser a valid lock icon, so users may think it is a legitimate page.
Reported Internet company Netcraft. This relates to, for example, certificates banskfamerica.com and blockachain.info(published by Comodo) ssl-paypai-inc.com (issued by Symantec) and paypwil.com (published by GoDaddy). Certificate Authorities must check applications for risky domains, yet know enough scammers successfully applying for an SSL certificate, according to Netcraft.
The Internet company says that users are trained to watch for the presence of the "lock" before they enter sensitive information on websites, such as passwords and credit card numbers. "A padlock alone does not indicate that the website is trustworthy or run a legitimate organization," says Graham Edgecombe Netcraft. According to the analyst, most certificates misleading domain names are issued by Comodo. Positive exceptions are DigiCert and Entrust, which no expenditure single SSL certificate for a phishing site.
No comments:
Post a Comment