[Owasp-singapore] Mass phishing attacks on credit card sites using SSL

Wong Onn Chee ocwong at usa.net
Mon Apr 11 07:54:38 EDT 2011


http://security.networksasia.net/content/mass-phishing-attacks-credit-card-sites-using-ssl

" In this attack, there were over a hundred phishing URLs that used a
fake SSL certificate. The SSL certificate was an expired one, with its
issue date of the year 2006 and an expiration date of 2007. The
phisher’s primary motive behind creating an encrypted phishing site was
to help the site appear authentic and to convince users that the site is
safe."

Huh??? User stupidity here, as the browser will definitely throw out
warning?

In Singlish terms, "sotong syndrome" in play here?

-- 

Best Regards
Onn Chee



More information about the Owasp-singapore mailing list