This morning we are publishing a public service post showing how malicious phishing sites are getting valid SSL certificates from certificate authorities. In Chrome, this means that a phishing site is labeled as ‘Secure’.
We also show that even if a certificate authority realizes they issued a certificate to a malicious site, when they revoke that certificate, Chrome still shows the site as ‘Secure’. The fact that the certificate is revoked is buried deep in Chrome developer tools where most people won’t find it.
We think this is something every online user should know about and we explain how to protect yourself and your friends and family against the large number of phishing sites that are now installing free valid SSL certificates and are shown as ‘Secure’ by Chrome.
Wordfence Founder & CEO