SSL certificates can help against phishing attacks

Online security has hit the headlines again recently thanks to a spate of Facebook account cloning.

July 4, 2013

Online security has hit the headlines again recently thanks to a spate of Facebook account cloning. Another form of online identity theft, hackers create clone accounts, send friend requests to the user’s friends and then message them asking for help or money. While this is pretty low tech scam, it’s yet another online threat that users have to deal with daily.

“Being able to verify identity is essential to ensure that you are transacting with and communicating to a legitimately recognised and intended recipient,” says LAWtrust certificate service manager Megan Rehbock.

SSL certificates are one means to protect users from fraudsters trying to con them into handing over valuable usernames and passwords or other identifying information. SSL certificates verify sites and provide consumers with confidence that the site they visit is the site they think it is, and not, for example, a spoof site set up for the express purpose of harvesting their credit card information.

Domain-only validated certificates (DV) are verified through automated systems, and contain no information which identifies the business responsible for operating the website.

Organisational validation (OV) or extended validation (EV) is issued only once the requesting company’s name and address are verified through third parties, the certificate request is verified and the credentials of the person requesting said certificate have been checked.

“The latter is more expensive but provides a much higher degree of security and accountability, and can be seen as an effective tool for enhancing consumer confidence and trust online by enabling visual cues which make it possible to display prominent and consistent trust indicators in the address bar,” Rehbock states. Trust indicators that are commonly used include:

  • Green background for address bar on pages with valid EV certificates
  • New security status bar with familiar gold padlock icon
  • Alternating display of issuer and organisation name and country

Trust indicators are an easy and universal sign to users that they can rely on the integrity of the site they are visiting, which is what makes SSL certificates so valuable – they make things very easy for users as they require nothing but a simple visual check.