Another phishing scam involving SSL certificates:
Quote: Now here's where it gets really interesting. The phishing site, which is still up at the time of this writing, is protected by a Secure Sockets Layer (SSL) encryption certificate issued by a division of the credit reporting bureau Equifax that is now part of a company called Geotrust.
Geotrust and other SSL issuers are supposed to do some basic due diligence to ensure that the entity requesting an SSL certificate is indeed authorized to request it on the company's behalf. In this case, however, it looks like that process fundamentally broke down...
http://blog.washingtonpost.com/securityf...ing_1.html
Quote: it looks like that process fundamentally broke down
I don't think it's fair to blame Geotrust's authentication process. It would be equally easy to forge incorporation papers and fax them in with another SSL issuer.
The only solution is for email clients to come with big bold letters that say, "Don't Click on ANY Links".