MOVED: New Phishing Scam Deceives With Phony SSL Certificates

[mandy]

This topic has been moved to SSL Certificates.

[iurl]http://community.tuliptools.com/index.php?topic=492.0[/iurl]

[mandy]

Another article on the increasing problem of phishers spoofing SSL certificates:

Information theft scammers are increasingly spoofing SSL certificates in a bid to fool Web users, Netcraft reports.

In the last year, the company has uncovered 450 phishing attacks using the bogus https technique.

More sophisticated still, certificates can be purchased for domains that sound similar to banking websites, allowing the criminals to present the SSL lock icon, normally taken as a security guarantee...

full article: http://www.techworld.com/security/news/i...ewsID=5069&inkc=0

In its first year, the Netcraft Toolbar Community has identified more than 450 confirmed phishing URLs using "https" urls to present a secure connection using the Secure Sockets Layer (SSL). The number of phishing attacks using SSL is significant for several reasons. Anti-phishing education initiatives have often urged Internet users to look for the SSL "golden lock" as an indicator of a site's legitimacy. Although phishers have been using SSL in attacks for more than a year, the trend seems to have drawn relatively little notice from users and the technology press.

full article: http://news.netcraft.com/archives/2005/1..._2005.html