Phishing for Legitimacy: The Use of SSL Certificates to Ensnare Internet Users

Abstract

This paper examines the impact of making Hypertext Transfer Protocol Secure (HTTPS) certificates more accessible to the public. On the one hand, such an approach facilitates the process for small and large businesses to acquire certifications from Certificate Authorities (CAs), making their clients feel secure. On the other hand, such accessibility enabled many phishers to take advantage of this and pose as legitimate entities. This paper illustrates the phishers' eagerness to imitate existing websites. Furthermore, we will explore the role and responsibility of several parties, namely the Certificate Authority (CA), the browser provider, the website, and the Internet users. The paper also analyzes the results of a survey conducted to determine university students' understanding of HTTPS meaning and offers recommendations to overcome this issue.