Technology

Phishing Websites Use Cloudflare for SSL Certificate

October 8, 2013 | By Editor 

Phising Websites for ssl certificate

The slew of phishing attacks are now not only going large compared to last year but are also seeking the help of SSL Certificate integration so as to gain instant customer trust. The phishing people are well aware of the fact that visitors are no longer ignorant and are capable of making informed decisions. They consider whether a website is reliable or not besides reading its policies and the encryption security measures in place. In this regard, the seal provided by certificate authorities play a vital role because it generates trust and provides better conversion rates.

Content Deliver Network is a new issue which security experts and analysts should take note of. It is being lately used by fraudulent companies and individual hackers to deploy wide scale phishing attacks supported by valid ssl certs. These certs help even the most illegal website look very real and legitimate that leads to privacy concerns.

Confirmed to be one of the most notorious website, odemerkezi.com is the one that has been using SSL Certificate as a camoflauge to take part in illegal activities and forcing customers indirectly to click on wrong links. All a hacker needs is that the person click the link which will redirect them to an infected web page or will download a trojan or bug that will being sending anonymous data to the attacker. CloudFlare is a content delivery network which hackers are making use of. Only paid accounts are allowed on Cloud Flare which costs just twenty dollars but a credit card is mandatory to do the transaction. Reports reveal the attacker may have used a infected victims identity to pay and buy the premium plan before promoting their fake malware phishing attempts.

The website is capable of issuing an SSL Certificate which is the primary requirement for the attacker. CloudFlare provided certificates were used in the phishing attack even though, security software programs have blocked over 200 websites which used legal certificates issued by this content sharing network. GlobalSign provides cert technologies to this network which in turn was exploited by the above mentioned website.

Multi-Domain SSL certificates were used in this attack and sometimes deceptive domain names such as paypal germany website were also used in the process. SSL phishing sites are more dangerous as users tend to believe it readily than other sites. Earlier, the attempt was focused on customers of Chase bank and other financial institutions as well.

SSL Certificates

Posted in Technology

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory