Phishers now targetting SSL

Information theft scammers are increasingly spoofing SSL certificates in a bid to fool Web users, Netcraft reports.

In the last year, the company
" data-old-href="
">has uncovered
450 phishing attacks using the bogus https technique.

The spoofing has taken a number of forms, which appear to be becoming highly sophisticated. The vary from exploiting browser flaws, to hacking legitimate sites or even just frames on these sites, as a way of presenting what appears to be a legitimate banking site to visitors.

More sophisticated still, certificates can be purchased for domains that sound similar to banking websites, allowing the criminals to present the SSL lock icon, normally taken as a security guarantee.

Even though such attacks will trigger browser warnings regarding the certificate spoofing, Netcraft believes that many ordinary users will simply ignore these messages and proceed.

“Those results, coupled with the growing number of phishing scams invoking SSL, should motivate certificate authorities and browser developers to redouble efforts to educate Internet users about certificates and SSL security warnings,“ Netcraft says in its website analysis.

This story, "Phishers now targetting SSL" was originally published by

Copyright © 2005 IDG Communications, Inc.

Shop Tech Products at Amazon