By Simon Sharwood
UK banks Halifax and NatWest have found fake versions of their websites that have won SSL certificates from certification authorities (CAs).
Netcraft says certifiers such as Symantec, Comodo, CloudFlare’s certification partner GlobalSign and GoDaddy have handed out certs to sites like natwestnwolb.co.uk. That domain is intended to pull web users away from NatWest’s real website, which is nwolb.co.uk. Another UK bank, Halifax, is flattered by the existence of fake site halifaxonline-uk.com. Someone’s trying to take a bite out of Apple at itunes-security.net, PayPal has to cope with emergencypaypal.net and phishers even think someone’s likely to have such fat fingers that they end up at btintranert.com.
While some of the sites above are chucklesome to a degree, Netcraft notes that “Consumers have been trained to ‘look for the padlock’ in their browser before submitting sensitive information to websites, such as passwords and credit card numbers.” The padlock will appear when sites have a valid certificate, so the errors made by certification authorities lend a little more authenticity to fake phishing sites, no matter how ridiculous their URLs. That authenticity will help those sites to fool punters into inadvertently handing over their internet banking credentials and other personal details, which won’t end well.