
Green Padlocks Used as Phishing Baits


A green padlock followed by the organization name (also in green) means that the website uses an Extended Validation (EV) certificate. A green padlock without the organization name in green means that the website uses a standard TLS/SSL certificate rather than an EV certificate. An EV certificate is a special website certificate that requires a significantly more stringent identity verification process than other types of certificates. To verify and prove exclusive rights to use a domain, the domain owner must confirm its legal, operational and physical existence, and prove that the entity has authorized the issuance of the certificate. This verified identity information, including business name and country, is included in the certificate and presented directly in the browser window. But free and open certificate authorities such as Let’s Encrypt provide the same level of encryption, and certificates, to small organizations, and cybercriminals are using them to pass phishing sites off as legitimate ones.

“Year over year, month over month, phishing is becoming more prevalent,” says Bob Maley, NormShield’s CSO. “The bad actors are getting these phishing domains and registering them. Then they are standing up phishing sites on those domains that are essentially clones of the various e-commerce sites to fool the end user into believing they’re on a legitimate e-commerce site.”

NormShield’s report also threw up a few surprising numbers related to phishing attacks carried out in the past few years:

  • The number of potential phishing domains for the top 50 e-commerce sites has multiplied six times in the last four years. While it was under 1,000 in 2016, it now stands well above 6,000 so far in 2019.
  • The number of phishing domains registered in the first 9 months of 2019 is 11% higher than during the same period in 2018.
  • 30 percent of the possible phishing domains registered in 2019 have certificates. Compared with 2018, the number of certified phishing domains is three times higher in 2019.

Experts still recommend that users look at the domain registrars of suspicious websites and not just the green padlock icon in the URL box. Cybercriminals tend to use free and low-cost registrars to set up phishing domains. They further advise against randomly clicking on URLs that arrive in holiday-season promotional emails, and urge care with typing mistakes that lead to typosquatting/URL hijacking. A refusal to provide saved credentials for a site can also be a strong indicator of an illegitimate phishing website.

In similar research done earlier by Venafi, a cybersecurity software company that secures and protects cryptographic keys and digital certificates, the company said it had uncovered nearly 100,000 typosquatting/fake domains with valid TLS certificates impersonating major retailers.
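The two checks the article describes (what identity a certificate actually asserts, and whether a hostname is a near-miss of a genuine one) can be combined in a short triage routine. This is an added example, not code from NormShield or Venafi; the hostnames, organization name, allow-list and certificate data are constructed, and the certificate dictionaries follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example. Hostnames, organization names and certificate data are constructed.
BRANDS = {"example-shop.test"}  # hypothetical allow-list of genuine domains

def subject_fields(cert):
    """Flatten the nested 'subject' tuple used by ssl.SSLSocket.getpeercert()."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def validation_level(cert):
    """Heuristic from subject fields only. The authoritative EV signal is the
    policy OID in the certificate, which getpeercert() does not expose."""
    subject = subject_fields(cert)
    if "organizationName" not in subject:
        return "DV"  # only control of the domain was checked
    if "businessCategory" in subject and "serialNumber" in subject:
        return "EV"  # EV subjects carry business category and registration number
    return "OV"

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(hostname, cert, brands=BRANDS, max_distance=2):
    """Return (verdict, validation level, closest brand or None)."""
    host = hostname.lower().rstrip(".")
    level = validation_level(cert)
    if host in brands:
        return ("known", level, host)
    nearest = min(brands, key=lambda b: edit_distance(host, b))
    if edit_distance(host, nearest) <= max_distance:
        return ("lookalike", level, nearest)  # valid TLS does not change this verdict
    return ("unlisted", level, None)

EV_CERT = {"subject": ((("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000000"),),
                       (("countryName", "US"),),
                       (("organizationName", "Example Shop Inc."),),
                       (("commonName", "example-shop.test"),))}
DV_CERT = {"subject": ((("commonName", "examp1e-shop.test"),),)}

if __name__ == "__main__":
    for host, cert in [("example-shop.test", EV_CERT), ("examp1e-shop.test", DV_CERT)]:
        print(host, assess(host, cert))
```

The lookalike host receives a padlock in the browser just as the genuine one does; only the subject fields and the distance to the known domain tell them apart.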