Netcraft Study: Phishing Sites with Valid SSL certificates

Wednesday, October 21, 2015

Phishing is an attempt by fraudulent attackers to acquire sensitive information from individuals. This information includes and not limited to, users names, passwords and credit card information.

Netcraft, a web server, and web hosting market-share analysis company on 12 Oct 2015 revealed the Certificate Authorities (CAs) responsible for issuing valid SSL certificates to phishing sites. This comes after stricter industry requirements to validate high risks domain requests after a series of data breach incidents on high net worth companies.

Exploiting the Habits of Users

Internet users have been trained to look out for virtual cues such as the green secure padlock and https protocol when it comes to trusting a website for transactions and passing of confidential data; making judgment based on what they see and what they know. To fraudulent attackers, such habitual behaviour is the perfect characteristic needed for users to fall into their trap of a phishing site.

Unaware to users, such visual indications must not be trusted blindly because there is more to it than meets the eye. In fact, cyber attackers typically make use of free SSL certificates provided by trusted CAs to deceive users into thinking a copied site is safe and legitimate.

paypal phishing
A screenshot of PayPal phishing site using CloudFlare Universal SSL by Comodo

Sites such as PayPal are often targeted by attackers for its business nature dealing with payments. The intention here is to trick users into thinking the site is safe and for users to key in their credentials. Uninformed and careless individuals may proceed to do without realizing the alterations in domain used on the site and the use of low assurance domain validated certificates to display the https protocol.

It’s Everywhere, BEWARE.

Such phishing sites lurk everywhere in the web and is done so to prey on unsuspecting victims. Often you find these links channeling from email and increasingly social media sources, even on search engine rank pages right above or below legitimate site links (yes.. we’ve seen it before).

Netcraft presented some useful statistics that can help you take note of the types of SSL certificates used for phishing with deceptive domains.

ssl phishing statistics
Source: Netcraft News

CloudFlare, a content delivery network is a popular choice amongst cyber attackers for phishing because of CloudFlare’s free to use SSL service, allowing thieves to bypass the high risks domain checks required by CAs. Second to that, is the use of free trial SSL by CAs that gives cyber attackers a good time frame to ‘grab-and-go’ without a trace.

What You Should Do

Train yourselves to look at specific details rather than trust the brand and secure protocol on the surface.

(1) When visiting a site, you should click on the green secure padlock on the address bar


(2) A drop-down menu will pop up beneath the green padlock

digital certificate drop down

(3) Click on ‘Connection’ next to the ‘Permissions’ tab. Here you will be able to see if a domain-validated certificate is in use from the description.

cloudflare ssl

(4) Click on ‘Certificate Information’ as underlined to see who the certificate is issued to. For sites that use CloudFlare free SSL, the certificate will be issued to a server under CloudFlare eg. In such instance, you should start thinking if this could potentially be a phishing site.

cloudflare ssl

If you are still unsure whether a site can be trusted, be sure to double check with the site owner via phone call and email, stating your reasons. If you sense something is amiss, immediately exit your web browser and report this problem to the site owner, informing the issue you encountered.

Only together as Internet users can we better secure the Web by looking out for one another and playing a part to eradicate problematic phishing sites. 

ashleeAbout Ashlee Ang

Ashlee is a content writer at Cyber Secure Asia where she writes about introductory topics on cyber security and cyber-related happenings in Singapore & South East Asia.

Share :    

Back to Blog