14 DAY TRIAL // Certificate authority GlobalSign teamed up with British security solutions firm Netcraft in an effort to provide customers a real-time alerting system which enables them to learn if their websites are compromised.
Whenever a GlobalSign SSL Certificate customer’s website is overtaken and altered to take part in a phishing attack, the alert service provided by Netcraft kicks in, notifying the user of the incident. This allows the affected client to take immediate steps to remediate the problem.
“Organizations are under constant threat of phishing and other cyberattacks and need to invest in technologies that keep them a step ahead of the threats. No other Certificate Authority (CA) has provided this level of added and advanced security to its SSL certificate customers,” explained Steve Waite, CEO of GlobalSign Americas.
“Since introducing the service in August, GlobalSign Netcraft Phishing Alerts have allowed us to identify more than 70 customers whose certificates were being used to support phishing attacks, alert those customers and contribute to a faster termination of the attacks.”
The service is simple yet highly efficient. When Netcraft detects a compromised site, it alerts GlobalSign. The certificate authority contacts the website’s owner or the hosting company, depending on who purchased the certificate.
If the affected website does in fact belong to an unsuspecting victim, the company will provide instructions on how to clean it up. On the other hand, if the site has been specifically created for malicious purposes, the certificate is revoked.
Phishing attacks that leverage SSL-enabled websites are even more dangerous since the victim may believe that he/she is on a legitimate domain.
A report issued by the Anti-Phishing Working Group has revealed that in most cases the owners of websites are not aware that they’re the victims of a phishing campaign. In 80% of cases, they learn about it only after being notified by a third party.
The GlobalSign Netcraft Phishing Alert is a great solution for this problem since webmasters will not have to wait for that “third party” to alert them that there’s something wrong.
If, until today, in most cases it took owners 2-3 days to remove the malicious files, with this service the affected websites could be cleaned up within a few hours.