Internet

DV certificates: why they are a weapon for cybercriminals

Deepak GuptaJuly 21, 2021
0

DV certificates, an option widely used by hackers

DV certificates are for verify web domains. They are going to give a certain security, at least in appearance, to a page. There are different types of domain certificates. In this case, what it does is validate the ownership of that website, something that can give visitors peace of mind.

But of course, hackers can also use this type of certificate. In this way they get that any website they have created, apparently offers certain guarantees to visitors, who are the possible future victims.

These certificates have to be issued by a service that guarantees security. However, it is not difficult for anyone to buy a SSL DV certificate on the Internet and use it on any website. What if that site was actually created to carry out Phishing attacks?

This is exactly what cybercriminals use. That is why DV certificates have become a important weapon for attackers. In fact, the only thing these certificates indicate is that the owner of that website has full administrative control. Yes, it is true that it offers certain guarantees at least informative, but we are not really facing a security measure as such and it will not make a website reliable by itself.

Fake page attacks

How they use a DV certificate on a fake site

Typically, hackers use it to create fake pages and use Phishing attacks. Let’s say they seek to impersonate a social network such as Facebook or Twitter, a bank or any service where the user has to log in with their password.

What the attacker is going to do is create a page with a domain that is similar to the true one, but in which they are going to change some letter, digit or something that allows it to be as similar as possible to the original. Once this is done, they will use the email account of that domain to complete the verification and thus obtain the SSL DV certificate to verify the identity.

That web page will have the typical green padlock that informs that it has a certificate. The victim will enter that fake page and, if they do not realize that the domain name is really not the original, they will believe that there is nothing strange. This can mislead users and cause them to log in as if they were entering the official Facebook page, the bank or any other online service.

Therefore, these SSL certificates are a weapon increasingly used by hackers to mislead victims. This makes it very important to know when a website is fake and to know the security threats on websites.

We have other articles that may interest you:
  1. How they can find your personal data and impersonate you on the network
  2. How can they enter my Facebook
  3. They discover a failure in the Movistar router; that’s how it affects you
  4. Mimikatz: know how they can steal passwords with this program
  5. Could they spoof facial recognition? Discover the consequences
  6. Watch out! They could be trying to get into your accounts
Deepak GuptaJuly 21, 2021
0

Related Articles

Snowflake to HubSpot

Snowflake to HubSpot: How to Transfer Data With Ease

April 18, 2022

Can the Ethernet connection work worse than Wi-Fi?

October 7, 2021

Expand the storage of your NAS with these cheap high-capacity hard drives

March 28, 2023

The perfect switch for businesses, QNAP presents the new QSW-M3212R-8S4T

October 18, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *