Are SSL Certificates Still Safe?

Now that everyone on the internet knows that SSL certificates are supposed to guarantee a certain level of security, it’s disturbing to learn that even information entered through an encrypted connection can be subject to phishing attacks. Phishing attacks on a a site with a SLL certificate are particularly dangerous because they are unexpected. However, as all of us who have been involved in the campaign against fraud and malware know, the bad guys are often ahead of the good guys in employing new techniques.

There are actually a few cases in which SSL certificates have been issued specifically for phishing purposes, but in most cases unwary innocent certificate holders find that they are unwilling co-conspirators by providing a phishing facility because their sites have been compromised by attackers. We subscribe to a list of known phishing sites, and we never serve ads to them.  We also do not hold or trade in information. It’s just not our business model and it never has been.

But it’s also worthwhile to alert visitors to other methods of preventing their personal information from getting into the wrong hands. Netcraft provides a browser extension for Chrome and Firefox that allows ordinary people to look up information about the sites they’re visiting and achieve some protection from phishing through prevention.

Interestingly enough, GoDaddy has a lower percentage of its SSL certificates used in phishing attacks than most of the other large Certificate Authorities like Global Sign, DigiCert and Symantec, because it hosts a large percentage of the certificates it issues.

According to Netcraft itself, it

first launched its anti-phishing system in 2005. All phishing sites are carefully validated before an alert is raised. Well over 39.6 million unique phishing sites have been detected and blocked by Netcraft’s system to date [December 2017].

Netcraft’s phishing feed is used in all major web browsers and it is also licensed by many of the leading anti-virus, content filtering, web-hosting and domain registration companies. At least three separate third-party studies have found Netcraft’s anti-phishing blocklist to be the most comprehensive feed available.

Netcraft’s phishing site alerts present an excellent opportunity for service providers to win new customers and reassure existing ones by taking a proactive stance against fraud.

This year, as we head into an environment in which information has been weaponized by governments, it is more important than ever that those of us in the online advertising industry we aware of the resources we have at our disposal to restore and repair online trust.