14 DAY TRIAL // Netcraft has come across phishing attacks in which the cybercriminals use valid SSL certificates to make their bogus websites look legitimate.
In order to avoid falling victim to phishing scams, users are usually advised to make sure the sites they’re entering information on are protected by a valid SSL certificate. However, in some cases, the attackers use Content Delivery Networks (CDNs) to increase their operation’s chances of success.
Experts have come across a phishing site that targets the personal and financial information of customers of Turkcell, a leading telecoms company in Turkey.
It’s likely that the cybercrooks have used stolen credit card information to register paid CloudFlare accounts which offer the SSL feature.
In addition to the Turkcell phishing attacks, Netcraft has also identified and blocked PayPal and Chase phishing websites that used SSL from CloudFlare.
While users should continue to check for SSL certificates to identify phishing scams, they should also look for other signs of a malicious scheme, such as the domain the site is hosted on.