Categories: NewsSecurity

Let’s Encrypt Issued Over 15,000 PayPal SSL Certificates to Phishing Sites

Internet users have a difficult time protecting themselves from phishing attacks these days. Although most of these spam messages are filtered by email service providers automatically, some of the messages get through regardless. The fact that PayPal phishing sites have a legitimate SSL certificate issued by Let’s Encrypt is not helping matters either.

Even PayPal Phishing Sites Have SSL Certificates

When it comes to mimicking a legitimate website, it is of the utmost importance to ensure the phishing platform has its own SSL certificate. Some people would think it is impossible for phishing sites to have an SSL certificate, but that is not the case. In fact, ever since Let’s Encrypt started issuing legitimate certificates, cyber criminals have started taking advantage of this opportunity.

To be more specific, Let’s Encrypt has issued over 15,000 PayPal certificates to phishing sites over the past few months. That means there are over 15,000 PayPal clones out there, all of which are designed to steal login credentials and payment information. It is evident criminals feel PayPal is still a very lucrative target, considering it is the largest online payment processor in the world today.

Industry experts have asked Let’s Encrypt to stop issuing any SSL certificate related to the term “PayPal“. For now, these requests have fallen on deaf ears, even though it seems evident why this is causing problems in the first place. To make matters worse, it is still possible to receive a PayPal-esque SSL certificate from Let’s Encrypt to this very day. Solving this problem will require a lot more effort from the Let’s Encrypt team, that much is certain.

There is no reason for SSL certificate issuers to make life easier for cyber criminals involved in phishing campaigns. While this issue affects all platforms other than PayPal as well, it is evident this particular platform is of great value to criminals. Moreover, it also goes to show PayPal users can expect a lot more phishing campaigns coming their way in the future.  That is not a positive development by any means.

Let’s Encrypt has a bit of habit of choosing the “hands-off approach” when it comes to revoking existing certificates. Even though there is plenty of reasons to revoke all of the fake PayPal certificates, the company seemingly has no plans to do so anytime soon. Unfortunately, that means a lot of innocent PayPal users will fall victim to these phishing attacks, resulting in potential financial damages.

The bigger question is who bears the responsibility for facilitating PayPal phishing attacks. It is true certificate issuers are not capable of running anti-fishing operations, yet that does not mean they are innocent either. Simply blocking any PayPal certificate request is not the right course of action, as it would “prevent legitimate use”, according to Let’s Encrypts Josh Aas. Consumers need to be very cautious when receiving emails from PayPal these days, that much is evident.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Recent Posts

Bitcoin Price Watch: Currency Rises to $6,600

At press time, the father of cryptocurrency is up by roughly $300 from yesterday, and is trading for over $6,600.…

4 hours ago

What Is Zombie Battleground?

Many projects have tried to bridge the gap between blockchain technology and trading card games. Some firms have been a…

5 hours ago

What Is the CoolWallet S?

Hardware wallets are an integral part of the cryptocurrency industry. They are an excellent way of keeping one's cryptocurrency portfolio…

6 hours ago

League of Legends PH Client Facilitated Cryptojacking Due to Modified Code

Popular online games have always been a prone target for criminals and hackers. Although these incidents are usually aimed at…

7 hours ago

What Is CoinMarketAlert?

Tracking cryptocurrency prices can be done in many ways. Most enthusiasts rely on various mobile or desktop applications to do…

8 hours ago

One Seemingly Useless Smart Contract Causes Major Ethereum Blockchain Bloat

Even though the Ethereum network is receiving some scaling upgrades, network issues still tend to pop up now and then.…

9 hours ago