Trustwave Certificate Authority is using an organization validated SSL certificate issued for a variety of PayPal phishing domains. SSL certificates are used to identify the website and to encrypt traffic between visitors and website.
There are basically three different categories of SSL certificates. When domain-validated (DV) certificate, only the control checks on a particular domain. In the case of an organization-validated (OV) certificate is the right of the applicant to use a specific domain name checked as well as a validation of the company. Thirdly, there is the Extended Validation (EV) certificate, the identity of the owner is thoroughly checked. Many certificates of misleading domain names are assigned DV certificates. Often this involves an automated process.
In the case of the OV and EV certificates, the verification will be conducted by people. It is also noteworthy that Trustwave an OV SSL certificate for paypal-office.com, myaccount-paypal.com and paypal-sign.com has been issued and used on a PayPal phishing site. The certificate was issued to a person in India, reports Internet company Netcraft. The phishing site has since been taken down, but the certificates are not revoked, according to Netcraft.
No comments:
Post a Comment