Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:


?Let’s Encrypt, Comodo blamed for issuing Apple, PayPal phishing SSL certificates

Fraud Alert:
Blocked phishing certificates rose over 400 percent during the past year
Blocked phishing certificates rose over 400 percent during the past year

Certificate authorities Let’s Encrypt and Comodo were responsible for nearly all phishing sites with valid SSL/TLS certificates, according to a new analysis.

Anti-phishing firm Netcraft says it blocked 47,500 sites with a valid SSL certificate in the first quarter of 2017, with 61 percent of the sites using certificates from Let’s Encrypt and 36 percent from Comodo. Two years ago Netcraft found that CloudFlare was the main provider of SSL certificates for phishing sites.

The sites were blocked based on an analysis by Netcraft’s Deceptive Domain Score service, which checks whether a hostname or domain name is likely being used to impersonate another firm. Example hostnames that scored extremely high included “login-appleid.com-direct-apple.com”, “payepal.com-signin-country-localed.access-logons.com”, “payqal.limited”, and “servicesonline-americanexpress.com”.