Phishing and Pharming - How SSL Can Help
Phishing and, recently, pharming pose constant threats to Internet users whose sensitive information is under siege by crackers and other cyber crooks.
An SSL certificate from GRO Project can clip the wings of Internet criminals and help prevent Internet users from being victimized by phishing and pharming schemes when attempting to visit your Web site.
Phishing schemes - attempts to steal and exploit sensitive personal information - typically try to trick victims into accessing fraudulent sites that pose as legitimate, trusted entities, such as online businesses and banks.
Because perpetrators of such attacks will be using and registering domains that resemble those of the spoofed sites, GRO Project, through its stringent fraudprevention measures, will detect the schemes and deny certificate requests for suspicious domains.
An SSL certificate from GRO Project can help prevent Internet users from being victimized by phishing and pharming schemes.
More sophisticated than phishing, pharming revolves around the concept of hijacking an Internet Service Provider's (ISP) domain name server (DNS) entries. When a "pharmer" succeeds in such DNS "poisoning" every computer using that ISP for Internet access is directed to the wrong site when the user types in a URL (e.g., www.ebay.com).
SSL certificate technology can help prevent pharming attacks, as well. In essence, a "pharmer" simply will not be able to obtain an SSL certificate from GRO Project, as he/she does not control the domain for which the certificate is requested.
By protecting your Web site with a GRO Project SSL certificate, Internet users that attempt to access a site that poses as yours will be instantly alerted that there is a problem with the supposedly secure connection:
■ No lock icon: Because CAs usually won't issue a certificate to fraudulent phishing or pharming sites, such sites usually do not use SSL encryption. Internet users, therefore, are alerted by the absence of a padlock icon in their browser's status bar. If protected with a Premium Extended Validation Certificate - the highest level of online assurance available - the site will display a padlock AND a green address bar.
■ Name mismatch error: A pharming site could try to use a certificate issued by a CA for a domain owned by the attacker, but the user's browser will warn the user that the visited URL does not match the certificate presented by the fake Web server.
■ Untrusted CA: A pharming site might attempt to use a certificate issued by an untrusted CA. In this case, the user's browser will generate the following warning: "the security certificate was issued by a company you have not chosen to trust."
Phishing or pharming sites will not be able to obtain SSL certificates from a trusted CA.
The alert Internet user will instantly abandon his/her activities/ transactions when presented with such warnings. Thus, a GoDaddy.com SSL certificate provides business owners and wary, savvy Internet users with an effective weapon against phishing, pharming and similar cyber swindles.
Establishing a Secure Connection — How SSL Works
An SSL¬encrypted connection is established via the SSL "handshake" process, which transpires within seconds - transparently to the end user. In essence, the SSL "handshake" works thus:
■ When accessing an SSL¬secured Web site area, the visitor's browser requests a secure session from the Web server.
■ The server responds by sending the visitor's browser its server certificate.
■ The browser verifies that the server's certificate is valid, is being used by the Web site for which it has been issued, and has been issued by a Certificate Authority that the browser trusts.
■ If the certificate is validated, the browser generates a one¬time "session" key and encrypts it with the server's public key.
■ The visitor's browser sends the encrypted session key to the server so that both server and browser have a copy.
■ The server decrypts the session key using its private key.
■ The SSL "handshake" process is complete, and a secure connection has been established.
■ A padlock icon appears in the browser's status bar, indicating that a secure session is under way. If protected with a Premium Extended Validation Certificate, a green address bar will also appear.
Conclusion — The Key to Online Security
Demand for reliable online security is increasing. Despite booming online sales many consumers continue to believe that shopping online is less safe than doing so at old¬fashioned brick¬and¬mortar stores.
The key to establishing a successful online business is to build customer trust. Only when potential customers trust that their credit card information and personal data is safe with your business, will they consider making purchases on the Internet.
With a GRO Project SSL Certificate your customers will know that they can trust your business.
A GRO Project SSL Certificate provides a convenient, cost effective and reliable means to secure your business's online transactions.
Once installed on your business' Web site the certificate will safeguard sensitive data by securing online transactions with up to 256¬bit SSL encryption.
With a GRO Project SSL Certificate your customers will know that they can trust your business.
Applying a GRO Project SSL Certificate to your online business today will secure your online sales.
|