Netcraft has found 450 phishing attacks in the last year that used Secure Sockets Layer (SSL) certificates.

Netcraft has found 450 phishing URLs that use "https" addresses to present what looks like a secure SSL connection.

The Netcraft Toolbar community has identified phishing attacks in which bogus sites use a certificate that can be expected to trigger a browser warning. Attackers also use techniques such as exploiting browser flaws, or compromising legitimate sites or individual frames within them, to make their pages appear to be legitimate banking sites.

Netcraft also gives examples of how such attackers use SSL:

a) SSL certificates are purchased for "sound-alike" domains, allowing phishing sites pretending to be major institutions to show a locked icon.
b) Phishers use cross-site scripting to insert their own content into financial web sites.
c) They also use frame injection attacks to insert their own content into bank web sites, which then also runs under https with a secure lock icon.
d) Browser security holes allow an illegitimate website to use another site's SSL certificate and present a bogus page with a locked icon.
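Technique a) is the one a bank's own monitoring can catch before the certificate is ever issued: a lookalike domain only works because it reads like the real one. The following is an added example, not Netcraft's code or tooling, of the detection a defender runs over newly seen hostnames (from certificate transparency feeds, passive DNS or phishing reports). The brand list, the homoglyph table and the sample hostnames are constructed for the example; the rule thresholds (one edit for brands of five or more characters) are assumptions, not a published standard.

```python
import re
from typing import Optional, Tuple

# Constructed watch list of brand labels a bank or CERT wants lookalikes flagged for.
BRANDS = ("examplebank", "paypal", "citibank")

# Characters phishers commonly substitute for letters. Assumed, deliberately small table;
# a production tool would use a full confusables list (e.g. Unicode TR39).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b", "|": "l"}
MULTI_CHAR = [("rn", "m"), ("vv", "w")]   # letter pairs that render like a single letter


def normalize(label: str) -> str:
    """Fold a hostname label to the plain-letter word a victim 'reads'."""
    s = label.lower()
    s = "".join(HOMOGLYPHS.get(ch, ch) for ch in s)
    for pair, single in MULTI_CHAR:
        s = s.replace(pair, single)
    # Drop hyphens and anything else non-alphabetic: "pay-pal" -> "paypal".
    return re.sub(r"[^a-z]", "", s)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), row-by-row to keep memory small."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_host(host: str, brands=BRANDS) -> Optional[Tuple[str, str, str]]:
    """Return (brand, offending_label, reason) when a host looks like a brand spoof, else None.

    Every label except the public suffix is examined, so both "paypa1.com" and
    "paypal.login-secure.example" are caught. An exact, unmodified brand label
    (the genuine site, or the brand as a plain subdomain) is not flagged.
    """
    labels = host.lower().rstrip(".").split(".")
    for label in labels[:-1]:              # skip the TLD/public suffix
        folded = normalize(label)
        for brand in brands:
            if label == brand:
                continue                   # genuine label, nothing to report
            if folded == brand:
                return (brand, label, "homoglyph/punctuation spoof")
            if len(brand) >= 5 and levenshtein(folded, brand) == 1:
                return (brand, label, "one-edit typo")
            if brand in folded:
                return (brand, label, "brand embedded in label")
    return None


if __name__ == "__main__":
    # Constructed sample hostnames as they might arrive from a CT log or abuse feed.
    for h in ("www.paypal.com", "paypa1.com", "www.paypol.net",
              "secure-paypal-login.example", "examp1e-bank.co.nz"):
        print(f"{h:32} -> {classify_host(h)}")
```

The `levenshtein` rule is what turns "sound-alike" into something measurable; the homoglyph fold runs first because a digit substitution is a spoof even when the edit distance is zero after folding. Hits from this kind of check are what feed a certificate-authority abuse report or a takedown request, which is where the locked icon on a fake domain actually gets removed.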

Netcraft gives an example of a New Zealand bank whose SSL certificate expired and was fixed in around 24 hours. During this time, 300 customers were shown a security alert when visiting the bank's website, and all but one of them chose to ignore the alert.
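The bank's 24-hour outage and the 299 customers who clicked through it are both avoidable with a monitor that performs the same two checks a browser performs (does the certificate cover this hostname, and is it inside its validity window) and alarms well before the expiry date. The following is an added example, not the bank's or Netcraft's code, written against the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns. `SAMPLE_CERT` and `SAMPLE_NOW` are constructed values; the 14-day warning threshold is an assumption.

```python
import socket
import ssl
import time
from typing import Dict, List, Optional

# Constructed certificate in getpeercert() form; dates chosen so the sample "now" is 10 days before expiry.
SAMPLE_CERT: Dict = {
    "subject": ((("commonName", "www.example-bank.co.nz"),),),
    "subjectAltName": (("DNS", "www.example-bank.co.nz"), ("DNS", "example-bank.co.nz")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jun 30 23:59:59 2024 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 20 23:59:59 2024 GMT")  # constructed reference time


def dns_names(cert: Dict) -> List[str]:
    """Names the certificate is valid for: subjectAltName entries, commonName only as a fallback."""
    names = [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # older certificates carried only a CN; modern browsers no longer accept that
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value.lower())
    return names


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: exact, or a wildcard that covers exactly one left-most label."""
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # "*.bank.example" -> ".bank.example"
        head = hostname[: -len(suffix)] if hostname.endswith(suffix) else None
        return bool(head) and "." not in head     # one label, and not the bare parent domain
    return False


def hostname_matches(hostname: str, cert: Dict) -> bool:
    return any(name_matches(p, hostname) for p in dns_names(cert))


def days_until_expiry(cert: Dict, now: Optional[float] = None) -> float:
    """Positive while valid, negative once notAfter has passed."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400


def evaluate(hostname: str, cert: Dict, now: Optional[float] = None, warn_days: int = 14) -> List[str]:
    """Return the list of problems a browser would warn about (plus an early expiry warning); empty means OK."""
    now = time.time() if now is None else now
    problems = []
    if not hostname_matches(hostname, cert):
        problems.append(f"name mismatch: {hostname} not covered by {dns_names(cert)}")
    if ssl.cert_time_to_seconds(cert["notBefore"]) > now:
        problems.append("certificate not yet valid")
    days = days_until_expiry(cert, now)
    if days < 0:
        problems.append(f"expired {-days:.1f} days ago")
    elif days < warn_days:
        problems.append(f"expires in {days:.1f} days")
    return problems


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> Dict:
    """Fetch the leaf certificate a live server presents (needs network; not exercised offline)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    print(evaluate("www.example-bank.co.nz", SAMPLE_CERT, SAMPLE_NOW))
    print(evaluate("www.examp1e-bank.co.nz", SAMPLE_CERT, SAMPLE_NOW))
    print(evaluate("www.example-bank.co.nz", SAMPLE_CERT, SAMPLE_NOW + 30 * 86400))
```

Note the behaviour of `fetch_peer_cert` with a default context: if the live certificate is expired or does not match the hostname, `wrap_socket` raises before `getpeercert` is reached, which is exactly the failure the bank's customers saw as a security alert. For a monitor that is the useful signal: the handshake error is the alarm, and the `evaluate` warning on a still-valid certificate is the one that fires two weeks earlier.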

The Netcraft site says, “Those results, coupled with the growing number of phishing scams invoking SSL, should motivate certificate authorities and browser developers to redouble efforts to educate Internet users about certificates and SSL security warnings.” [Source]
