[Owasp-singapore] Mass phishing attacks on credit card sites using SSL

Wong Onn Chee ocwong at usa.net
Mon Apr 11 07:54:38 EDT 2011


" In this attack, there were over a hundred phishing URLs that used a
fake SSL certificate. The SSL certificate was an expired one, with its
issue date of the year 2006 and an expiration date of 2007. The
phisher’s primary motive behind creating an encrypted phishing site was
to help the site appear authentic and to convince users that the site is

Huh??? User stupidity here, as the browser will definitely throw out

In Singlish terms, "sotong syndrome" in play here?


Best Regards
Onn Chee

More information about the Owasp-singapore mailing list