« Security Vendors Form Application Security Industry Consortium (AppSIC) | Main | Application Security Predictions For The Year 2006 »

More than 450 Phishing Attacks Used SSL in 2005

Netcraft has published some statistics about phishing on their site.

"In its first year, the Netcraft Toolbar Community has identified more than 450 confirmed phishing URLs using "https" urls to present a secure connection using the Secure Sockets Layer (SSL). The number of phishing attacks using SSL is significant for several reasons. Anti-phishing education initiatives have often urged Internet users to look for the SSL "golden lock" as an indicator of a site's legitimacy. Although phishers have been using SSL in attacks for more than a year, the trend seems to have drawn relatively little notice from users and the technology press.

Case in point: The use of SSL certificates in phishing scams made headlines in September when a security vendor issued a press release warning of a scam in which a spoofed phishing site used a self-signed certificate, presenting a gold lock icon but also triggering a browser warning that the certificate was not recognized. In this case, the phishers were banking on the likelihood that many users will trust the padlock and ignore the certificate warning. Despite the attention, the attack wasn't particularly new or novel." - Netcraft

Article Link Netcraft Phishing Attack Statistics


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!