Is Your SSL Certificate Expired?

Scammers send out fake alerts about expired security certificates

By now, most websites have followed Googles guidelines with the addition of a security certificate or SSL certificate. Scammers bank on the fact that consumers don’t quite know how these certificates work.

To prey upon unwitting website owners, cyber criminals send out fake notices that your security certificate has expired. The alerts normally contain a link or button urging you to click to install a new certificate. Clicking the link opens the user’s computer up to malware.

According to Kasperky:

The alarming notification consists of an iframe — with contents loaded from the third-party resource ldfidfa[.]pw — overlaid on top of the original page. The URL bar still displays the legitimate address. 

https://securelist.com/mokes-and-buerak-distributed-under-the-guise-of-security-certificates/96324/
Is Your SSL Certificate Expired? -

While this is not a new method for scammers to gain access to information, it is a new twist on this old trick. Do not click on any unexpected popup messages you receive on your internet browser. (The same is true for links in email.) The alerts can look pretty convincing since the scammer place them right on top of legitimate, but hacked, websites. Your best bet is to close the alert box or abandon your internet session.

Can SSL certificates expire?

Actually, yes! SSL certificates do expire. When previous versions of security certificates expired, they needed to be renewed and reinstalled manually. The process was much more cumbersome than it is today. While newer security certificates do expire, they usually autorenew. This does not make them free of issues, though. Starting March 4, 2020, Let’s Encrypt began revoking millions of vulnerable certificates. The certificates in question were issued while a bug infected the company’s software. Let’s Encrypt is notifying customers via email, not sketchy, unexpected popups on random websites.

Search

Sign Up for Our Newsletter

Thank you for your interest in our newsletter! Fill in the form below to receive periodic updates on internet and website security, free cybersecurity posters, WordPress news, and more!

"*" indicates required fields

Name*

Your privacy is important to us. We do not share your information with anyone. You can opt out of our newsletter at any time.

Stay up to date with technology, scams, WordPress, and more. Follow CourseVector on Facebook today!