The green padlock icon used to mean a website was safe. Today, attackers routinely obtain SSL certificates for their phishing sites. Here's what you need to know.
The SSL Misconception
What SSL Actually Means - Data transmitted is encrypted - The connection is secure - The server has a valid certificate
What SSL Doesn't Mean - The website is legitimate - The business is trustworthy - Your data is safe from the site owner
How Attackers Exploit SSL
Free Certificates Services like Let's Encrypt provide free SSL certificates to anyone, including: - Phishing site operators - Typosquatting domains - Brand impersonators
The Statistics - **85%** of phishing sites now use HTTPS - Certificate issuance takes only minutes - Automated systems make bulk issuance easy
Certificate Transparency Monitoring
What is Certificate Transparency? A system requiring all SSL certificates to be publicly logged, creating a searchable database of every certificate issued.
Why It Matters for Brand Protection - Certificates are logged before activation - You can detect certificates for your brand - Early warning of potential attacks
How to Monitor 1. Subscribe to CT log monitoring services 2. Set alerts for your brand name and variations 3. Review new certificates daily 4. Investigate suspicious issuances
Early Detection Benefits
Time Advantage - Certificates are logged immediately - Attacks often launch days later - You can act before customers are affected
Evidence Collection - Certificate details are permanent - Supports takedown requests - Useful for legal action
Taking Action on Suspicious Certificates
Assessment 1. Is this a legitimate certificate for your organization? 2. Is the domain similar to yours? 3. Is the certificate for a suspicious TLD?
Response Steps 1. Document the certificate details 2. Check if a website is active 3. File abuse reports if necessary 4. Add to monitoring watchlist
Best Practices
For Your Own Certificates - Use reputable Certificate Authorities - Enable Certificate Transparency logging - Consider Extended Validation (EV) for high-trust pages
For Monitoring - Automate CT log monitoring - Include brand variations in searches - Set up immediate alerts - Review weekly summaries
Integrating with Your Security Program
Combine with Domain Monitoring - CT monitoring catches certificate issuance - Domain monitoring catches registrations - Together they provide comprehensive coverage
Response Integration - Include CT alerts in your incident response plan - Train staff to assess certificate alerts - Document investigation procedures
Conclusion
SSL certificates no longer indicate trustworthiness. By monitoring Certificate Transparency logs for your brand, you can detect potential attacks before they reach your customers and take proactive action to protect your brand.
Get early warning of SSL certificates being issued for domains using your brand name.