NicSRS
US - English

Blog > Phishing Sites Are Abusing DV SSL Certificates. How to Identify Them?

Phishing Sites Are Abusing DV SSL Certificates. How to Identify Them?

Tag:

DV SSL Certificates

Phishing Sites

1016:0

CatherineAugust 18 2023

Phishing attacks continue to evolve, and cybercriminals are finding new ways to deceive users. One of these tactics involves using DV SSL certificates to lend an appearance of legitimacy to their fraudulent websites. As all major browsers require HTTPS is a must for all websites, now most websites are adopting HTTPS encryption. For websites that have not deployed SSL certificates, the browser will display "Not Secure" warnings. Therefore, phishers have also begun to equip their phishing websites or malware with SSL certificates to exploit user trust.

A DV SSL Certificate Doesn’t Mean 100% Security. Why?

 

From a technical standpoint, a DV certificate can only confirm that a public key belongs to a specific domain, but it cannot verify the website's content or operator. DV certificates do not contain any information about the website's reputation, genuine identity, or security. As a result, even websites intending to conduct phishing can apply for such certificates and appear legitimate, and many of them take advantage of the free SSL certificates. However, many people believe that the existence of a DV certificate should at least imply some level of content validation. It is exactly this misconception that offers an opportunity for cybercriminals.

How to Identify Phishing Websites that Deployed with DV SSL Certificates?

 

1. Check for HTTPS and Padlock

While DV SSL certificates provide basic encryption, their presence doesn't guarantee legitimacy. DV SSL certificates only require proof of domain ownership, making them the least secure option in terms of identity verification. 

Click on the padlock icon to view the certificate details. DV SSL certificates typically display only the domain name and do not include information such as the applicant's company name. Carefully read the address bar information to ensure you are on the intended website, as fake websites and legitimate ones may only have subtle differences.

2. Scrutinize the URL

While an SSL certificate provides encryption, it doesn't guarantee a website's authenticity. Look closely at the URL for inconsistencies:

Domain Name: Check for slight variations or misspellings. Cybercriminals often use domains that resemble legitimate websites.
Subdomains: Phishers might use subdomains to create a false sense of security. Verify subdomains with the main domain's official website.
Unusual Extensions: Be cautious of uncommon domain extensions or country codes that don't match the website's claimed origin.

3. Be Cautious with Pop-Up Windows

Some phishing sites use pop-up windows to ask for sensitive information. If a pop-up appears asking for personal details like your phone number, email address, password, etc., always refrain from giving out any sort of information.

4. Inspect the Website Design

Phishing sites usually lack the attention to detail that legitimate websites possess. 

Poor Design and Layout: Typos, inconsistent fonts, and layout errors can indicate a lack of professionalism.
Missing or Broken Elements: Legitimate websites maintain consistent branding and design elements. Broken images, distorted logos, or missing elements suggest a potential scam.

The rate of change in website content is much faster than the issuance and revocation cycles of certificates. Phishing and malware statuses can be page-specific, and certificates and their associated browsers hardly contain any information about phishing or malware status. Moreover, cybercriminals are almost always able to obtain the certificate and keep it long enough to gain the user's trust. 

While DV SSL certificates offer a cost-effective and quick way to add encryption to your website, they come with significant disadvantages in terms of identity verification, trustworthiness, and susceptibility to phishing attacks. However, this does not imply that all websites using DV SSL certificates cannot be trusted, it simply requires careful scrutiny of the information mentioned above. Businesses and websites that prioritize security and user trust should consider more robust options like EV or OV certificates to provide a higher level of assurance to their visitors.

Comments