We assume that if a website has a security certificate—indicated by an address that begins with “https” and (typically) that little padlock icon next to it—then the website is safe: that it isn’t malicious and isn’t trying to install malware or steal personal information. Until recently, a site without a security certificate was a red flag. But now hackers are using that very security certificate to trick users into thinking a malicious website is safe—and they’re specifically targeting the finance industry.
Here’s how it works: Hackers mock up websites to look like the official website of a financial institution. They then pick a domain name that looks virtually identical to the actual institution’s domain, say by substituting visually similar letters like a lowercase L for a capital I in the URL. Because they own those domains, they’re able to purchase security certificates for said sites. This trick works because the security certificates show proof of ownership over the site and encrypt any information you send over the site—but that doesn’t mean the person on the receiving end is trustworthy. Bottom line: these security certificates don’t prove that a website claiming to be a bank is actually a bank.
Hackers know this and they’re taking advantage of it. A recent study found that the percentage of malicious websites using security certificates doubled from 8.5% to 15% between 2018 and 2019. The scary thing? Combine this with hackers’ use of personalized emails to drive people to these sites (more on that here) and even the most security-conscious individual could struggle to recognise these sites as fake.
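As an added example (not from the original article or its sources), this Python sketch shows one way a defender can flag the lookalike domains described above by comparing a "visual skeleton" of each hostname against a list of protected domains, regardless of whether the site has a certificate. It goes beyond the article's L/I case by also folding 1/l, 0/o, rn/m and vv/w; the `PROTECTED` list and all domain names are constructed placeholders.

```python
# Added example: flag hostnames that look like a protected domain.
# All domain names are constructed placeholders (.example is a reserved TLD).

# Single characters folded into one visual class. DNS names are
# case-insensitive, so a registered "i" can be shown as "I", which many
# fonts render almost exactly like a lowercase "l".
CHAR_CLASSES = str.maketrans({"i": "l", "1": "l", "0": "o"})
# Letter pairs that read as a single letter at a glance.
PAIR_CLASSES = (("rn", "m"), ("vv", "w"))

# Hypothetical list of domains the organisation actually owns.
PROTECTED = ["lloydbank.example", "citybank.example", "summitbank.example"]


def normalise(hostname: str) -> str:
    """Lowercase the name and drop whitespace and any trailing dot."""
    return hostname.strip().rstrip(".").lower()


def skeleton(hostname: str) -> str:
    """Reduce a hostname to a form where lookalike spellings compare equal."""
    s = normalise(hostname).translate(CHAR_CLASSES)
    for pair, single in PAIR_CLASSES:
        s = s.replace(pair, single)
    return s


def find_lookalike(hostname: str, protected=PROTECTED):
    """Return the protected domain this hostname imitates, or None.

    An exact match is the genuine site. A different spelling with the same
    skeleton is a lookalike, even if it presents a valid certificate.
    Unicode (IDN) homoglyphs are not covered by this ASCII-only mapping.
    """
    name = normalise(hostname)
    if name in (normalise(p) for p in protected):
        return None
    for real in protected:
        if skeleton(name) == skeleton(real):
            return real
    return None


if __name__ == "__main__":
    # Constructed sample of hostnames taken from links in inbound email.
    for host in ["Iloydbank.example", "c1tybank.example",
                 "surnmitbank.example", "citybank.example",
                 "otherbank.example"]:
        print(f"{host:24} imitates: {find_lookalike(host)}")
```

A hit from `find_lookalike` is a reason to block or investigate the link; the presence of "https" on the flagged site does not change that verdict.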
With thanks to the Cyber Defence Alliance and Security Boulevard. The full story is here: https://securityboulevard.com/2019/08/the-hacker-certificate-how-fake-sites-are-taking-over-financial-services/