Cybercriminals are increasingly spoofing SSL (Secure Sockets Layer) certificates to deceive Internet users.
Online scams have evolved into various forms, from exploiting browser vulnerabilities to infiltrating and creating websites that mimic legitimate sites. Last year, the cybersecurity research firm Netcraft discovered 450 attacks utilizing fake HTTPS tactics.
In a more sophisticated approach, cybercriminals now purchase domain names that closely resemble the web addresses of banking sites and use SSL certificates on them, so that the fake sites display the SSL lock icon (often seen as a security guarantee).
Despite security experts ramping up warnings about the risks of fraud and many browsers displaying alerts, Netcraft suggests that users often overlook these notifications and continue to enter their data.
“The number of phishing incidents related to SSL will continue to rise; therefore, browser developers and security companies need to actively remind Internet users about certificates and SSL security warnings,” Netcraft stated.