Did you know that a clone website of Reddit has recently used https/SSL certificate to steal login credentials of thousands of users worldwide? However, SSL certificate is extremely important, but merely having an SSL certificate installed on your website does not make it 100% safe against cybercrime.
Reddit is the world’s most popular social media platform, used by millions of users globally. Loaded with numerous communities, this website attracts users for posting links, text, videos and other social media related content. The first victim of this website was observed in the month of February 2018. This website is based on typosquatting technique to fool website visitors. Wondering what is typosquatting? Well, typosquatting is a method to steal the usernames and passwords of website visitors, which have misspelled the correct URL of the original website. It is also known as URL hijacking. This time, the victim was reddit.com. But, thanks to the preventive measures taken against the phishing website, which helped to reduce the possible destruction.
The phishing website appears as the original website and confuses the innocent users. In the case of reddit, a couple of reddit.com users typed reddit.co in the URL bar mistakenly. And, reddit.co was a phishing website targeting the credentials of users landed over it. Have you ever imagined the consequences if it would have happened to a banking website or a website containing any sensitive data? Well, it would have been devastating for sure. Moreover, this phishing site also had SSL certificate installed and was running on https to pretend its authenticity. The real website, reddit.com has an SSL certificate installed from Digicert. And, it is reported that the phishing website, reddit.co was using Comodo’s SSL certificate. The owners of this type of illegitimate websites steal the user’s login information for various illegal purposes.
Moving forward to Bitcoin’s case study. If you are associated with trading or mining of bitcoins, then you must be familiar with blockchain.info. Some of you must be unsure about it. Right? Well, this website is used to get crypto wallets online. Perhaps, the team of hackers played on the next level here. They used Google’s most popular online advertisement platform, namely Adwords, which helped them get paid ranking of their fake website, namely blockchien.info. Through Adwords, they obtained top ranking of their fake website on various keywords such as ‘blockchain’, bitcoin wallet login, ‘login to blockchain’, etc. And, it made hackers steal the login information of those innocent website users.
Cyber Security from the End-user’s View Point:
Review the Spellings of Domain Name: First off, we need to come out of this misconception that websites that have SSL certificate are 100% safe against cybercrime. What if an Internet intruder has bought a domain name and creates an illegitimate website that resembles the real website. Hence, besides seeing https protocol on any website, you need to carefully evaluate the domain name’s correct spellings.
Check Website’s Transparency Report Online: This tool is exclusively designed by Google that helps you check any website if it is safe to visit. If you find any website appearing or behaving abnormally, or if you need to confirm if it is safe to browse, visit the following link:
Once, you land on this page, you just need to input the URL that needs to be checked for online security. Hit the search icon to view if the respective website is safe to browse.
Cyber Security from the Website Owner’s View Point
It’s a great move if you have installed SSL certificate on your website. But, if you are encountered phishing by any chance, here are some quick actions for your website security.
Report the Case to all the Browser Communities: If someone has created a clone of your website with a similar domain name or appearance, immediately report it on various browser forums.
Here are some of the common browser forums to report against website phishing attack:
Connect with the Certificate Authority (CA): The next step is to connect with the certificate authority that issued SSL certificate to the phishing website. You can either email them or connect with their customer care department by telephone to inform them about website phishing attack. Now the question arises, how to know the certificate authority of any phishing website? Don’t worry, the next section of this article will help you find it within no time.
Well, follow the steps presented below to check the certificate authority that issued SSL certificate to any website:
Step 1: Open the website in Google Chrome.
Step 2: Click the Padlock, present under the URL bar
Step 3: Click the link ‘Valid’ and view the details of certificate authority.
Step 4: Visit their official website and connect with the customer care to report the website phishing issue.
Step 3: A dropdown menu appears. Click the arrow icon, present next to the URL name in dropdown menu. It will show the name of certificate authority.
Step 4: Locate the official website of the respective certificate authority and contact their customer care department to report the website phishing issue.
Whether you are a website owner or an end user, keeping these basic cyber security tips will certainly be helpful in long run. Once again, an SSL certificate installed on a website doesn’t mean that it is 100% safe unless you verify its identity. When it is about your online security, never compromise. For installing SSL certificates or to fix cyber security issues, always connect with the best cyber security company to stay at peace. Be cautious from today and keep a check in the URL bar to stay safe online.