Fraudalant site using letsencrypt cert - appleid.icloud-lock.info


#1

Hi guys,

I have received phishing email pointing me into https://appleid.icloud-lock.info/

This site us using your cert. I have already notified apple as well.

Is there any official way to report such misuse of your certs?

Kind Regards

Dariusz


#2

You may report certificate misuse to the email address mentioned at the bottom of https://letsencrypt.org/repository/.

I went ahead and reported the site to Google’s Safe Browsing; this is generally more effective than certificate revocation (which many browser don’t actively check). Let’s Encrypt uses data from Safe Browsing for newly-issued certificates as well (meaning if the domain is listed, it cannot obtain any new certificates).


Apple Id Scam From Using you cert possible
#3

Thx. Next time will follow suggested path.


#4

I don’t think there’s anything LE can do for this.
An LE certificate simply confirms that the site your browser has connected is indeed that site. Unless the certificate there is an EV certificate, crooks can purchase the certificate from pretty much any CA.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.