Domain using Lets Encrypt certificate for phishing!


#1

Hello,
My name is A. Nikolov – system administrator at Central Cooperative Bank PLC in Bulgaria.
This morning we have been informed from our clients that our web site for Internet Banking ( https://online.ccbank.bg/virtb/?page=login ) has been duplicated for phishing purpose on https://homehealthcarelv.com/cache/Confirmation-1/ !!!
Please remove the abuse site and any other information related to it as soon as possible.
If you have any question or you need any other information, please ask me.

Best Regards,

A. Nikolov.


#2

Please read https://letsencrypt.org/2015/10/29/phishing-and-malware.html and The CA's Role in Fighting Phishing and Malware.

You should rather contact fraudulent domain registrar or its hosting provider and report the domain to (for example) Google Safe Browsing. Let’s Encrypt can revoke certificate (but by the matter of policy, they won’t - LE only certifies that your connection to some domain is secure, not that website itself is safe to use), but many browsers do not check revocation status of certificates (I believe that Chrome performs no revocation checks at all, except using CRLSets maintained by Google) - so, certificate revocation will not help.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.