Skip to Main Content

Let's Encrypt Issues Over 15,000 SSLs to PayPal Phishing Sites

Having an SSL on your website is a wise decision as not only is it supposed to positively influence a brand's position on the search results (although there is really no evidence of that just yet), but it keeps users safe - or at least it is supposed to.

New research out from The SSL Store found that during the past year, Let's Encrypt (a provider of free SSL certificates) issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of those, 96.7 percent were issued for domains that hosted phishing sites.

The SSL Store's Vincent Lynch went into some detail on the Let's Encrypt abuse, and the need for more rigorous standards for issuance of SSL certificates.

While it is unlikely that those using an SSL from Let's Encrypt are at risk in any way at this time, it should be cause for concern and may even warrant switching CA (certificate authorities) in the future.

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up

 

Leave a comment
    Load more comments
    New code
  •    
      

    The Ultimate Guide to Personalization

    Kibo