Almost 80% of phishing domains use SSL
Is it enough to look for a padlock in the browser, or that the URL starts with https, to assess whether the website you are visiting is secure or not?
The answer to that question is no.
According to statistics from the Anti-Phishing Working Group (APWG), about 80% of phishing domains use SSL Certificates.
According to the latest quarter report from APWG eighty percent of phishing sites had SSL encryption enabled to fool victims. And not surprisingly, most of the implemented certificates used by Phishers were Domain-Validated certificates, which is the weakest form of certificate validation.
Phishing attacks have been around since the early days of the internet and are still today a type of online fraud that can affect companies and damaged their trust and reputation. Phishing aims to steal personal and / or financial information. There is no general solution to this – apart from general awareness and education, especially regarding e-mails and when visiting websites. The later can be difficult today as Phishing technology has evolved and is more sophisticated and complex than ever.
Why the right type of SSL is important for your company’s security and reputation
SSL Certificate is a security feature used by most websites today. SSL Certificates should signal to web visitors that they are visiting a secure website, but unfortunately the presence of SSL has become less and less reliable, as domains used in phishing attacks nowadays have often just implemented https.
A contributing factor to this is the availability of free SSL which is readily available today.
It also appears that most SSL certificates used by “phishers” are so-called Domain-Validated Certificates (DV). DV Certificates are based on the lowest form of certificate validation, as they are only validated at domain level (equivalent to undergoing more comprehensive validation of eg contact information for the company that owns the domain name).
For serious website owners, it is no longer a matter of having SSL certificates, but also the type of certificate used. The right choice of SSL Certificate increases the protection of your company’s security and reputation. There are serious certificate issuers with a solid validation for issuing SSL certificates, with whom we at Dotkeeper collaborate.