In 2018, approximately 482 million phishing attacks were carried out – more than twice as many as in 2017.
A recent study by the Georgia Institute of Technology Cyber Forensics Innovation Laboratory (CyFI) found that 99.987% of Web sites using an Extended Validation (EV) SSL Certificate are not associated with common forms of online crime.
Extended Validation (EV) certificates display the company name in the address bar.
EV certificates are central to helping consumers know that the web presence they visit is both legitimate and secure.
“The probability that an EV SSL certificate is associated with bad domains is less than 0.00013 or less than 0.013%. Therefore, users benefit by noticing and using the browser security indicators as a guide to trust domains with EV SSL certificates,” said Dr. Brendan Saltaformaggio, Professor & Director of CyFI Lab and co-author of the study “Understanding the Role of Extended Validation Certificates in Internet Abuse”.
To conduct the study, CyFI Lab researchers compared a global directory of domains with EV certificates against a database of domains associated with malware, blacklists for suspicious activity and communication on the darknet. CodeGuard funded the study – without imposing further conditions – ensuring that CyFI had the freedom to design, conduct and publish its own independent conclusions.
EV certificates enable consumers to better protect themselves against online fraud.
SSL Certificates enable secure communication by encrypting data sent between a client and a server, or between two servers, to prevent cybercriminals from reading or manipulating the data during transmission. If an active SSL Certificate from a trusted Certificate Authority is present, users will see a padlock (and never a “Not secure” warning). There are three types of SSL Certificates that companies can use on their Web pages:
- Good – Domain Validation (DV):
The certification authority only confirms that the registered domain is under the control of the certificate applicant.
No further identifying information is checked or provided.
- Better – Organisation Validation (OV):
The certification authority authenticates not only the domain control, but also the identity of the legal or natural person who requested the certificate.
Thus, OV certificates offer a higher security level than DV certificates.
- Best of all – Extended Validation (EV):
The certification authority adheres to a uniformly high standard of verification procedures defined by the responsible committee, the CA/Browser Forum, in order to ensure that the identity of the certificate holder is guaranteed. In popular browsers, the authenticated company name is displayed in the address bar, often in green. Thus, EV represents the highest level of identity authentication an online company can receive.
“The presence of EV certificates influences the consumer’s perception of a brand or a company,” says Tim Callan, Senior Fellow at Sectigo, and further notes that “EV certificates can be reliably authenticated using techniques that have proven themselves in industry-wide use for a decade. EV is a powerful tool to protect consumers from phishing and underlines that an online company has chosen a premium security strategy”.
More tips for the end user
According to PhishLabs, more than half of all phishing sites now use SSL Certificates (June 2019). To avoid phishing scams, consumers should look for the full company name on the left side of the address bar to make sure the website they are visiting is the one they want.
In addition, a user should never enter credit card numbers, personal information, logins, or other sensitive information on a web page that is not secured with a certificate (as indicated by a padlock in the URL).