It is widely believed that a lock icon or a “safe” label in a site’s address bar indicates that the site is secure, but according to information security experts, such visual cues should not be trusted blindly, because attackers also use them to deceive users.
According to the results of
“Since large browsers added SSL alerts to the address bar, the bad guys have also started using SSL/TLS lock icons,”
– said DigiCert specialist Dean Coclin.
Whereas attackers previously tended to use domain-validated (DV) SSL certificates, which can be obtained for free from services such as Let’s Encrypt, it now pays to be cautious even about EV certificates, which are considered more reliable, says APWG.
“The advent of phishing sites using Extended Validation certificates is a stark reminder that phishers are increasingly turning security features against users,”
– the company’s report states.
According to PhishLabs research, 91% of the detected phishing sites used domain-validated SSL certificates, and 27 sites used EV certificates. According to experts, because EV certificates are more difficult to obtain, attackers break into sites that already use such certificates.
Experts are concerned that SSL certificates offer criminals an easy way to spoof sites and servers, carry out man-in-the-middle attacks and bypass corporate firewalls. Although many browser manufacturers have implemented measures against such attacks, they are not enough, and solving the problem requires a review of the domain registration system, Coclin believes.
“I don’t know why people are initially allowed to register fraudulent domains. The problem is that nobody wants to solve this problem, and until then you have to look outside the castle,”
– emphasized the expert.