Let's Encrypt Issues Over 15,000 SSLs to PayPal Phishing Sites
Having an SSL on your website is a wise decision as not only is it supposed to positively influence a brand's position on the search results (although there is really no evidence of that just yet), but it keeps users safe - or at least it is supposed to.
New research out from The SSL Store found that during the past year, Let's Encrypt (a provider of free SSL certificates) issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of those, 96.7 percent were issued for domains that hosted phishing sites.
The SSL Store's Vincent Lynch went into some detail on the Let's Encrypt abuse, and the need for more rigorous standards for issuance of SSL certificates.
While it is unlikely that those using an SSL from Let's Encrypt are at risk in any way at this time, it should be cause for concern and may even warrant switching CA (certificate authorities) in the future.