SSL Forgery and Website Spoofing
This is related to phishing attacks. If you go to your banking website, such as bankofamerica.com, and you see a closed or green lock next to the website name, you are probably secure. However, there are two things to be wary of.
The first attack uses domain names that are similar to the real one but not exact. If you click a link from a sketchy source and it redirects you to bankofamerlca.com, you might miss that the i is replaced with an l in the link. You are in fact not on your banking website, but on a website that is spoofed to look legitimate and uses a similar name. These attacks are sophisticated enough that when you enter your username and password, the fake website automatically attempts to log in to the real website itself and sees that a two-factor authentication code is required. When you enter your two-factor authentication code, the fake website then has access to your account. In some cases you can interact with your account normally through the fake website and do everything you would usually do. But when you log out, the fake website doesn't log you out and can now do things to your account while you are gone. Don't click links to your banking website, ever. Either type the address out or use the link that you've previously saved in your password manager.
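As an added illustration (not part of the original page), the check below compares a link's hostname against domains you have saved and flags near misses such as bankofamerlca.com. The TRUSTED list, the CONFUSABLES table and the distance threshold are assumptions chosen for this example, and it only handles ASCII look-alikes.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the user has saved (e.g. in a password manager).
TRUSTED = {"bankofamerica.com"}

# Hand-picked visually confusable substitutions (assumption, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "i"), ("l", "i")]


def skeleton(host: str) -> str:
    """Collapse look-alike characters so 'bankofamerlca' and 'bankofamerica' match."""
    for src, dst in CONFUSABLES:
        host = host.replace(src, dst)
    return host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>', or 'unknown' for a link's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in trusted:
        return "trusted"
    for good in sorted(trusted):
        if host.endswith("." + good):
            return "trusted"  # subdomain of a saved domain
        # Same skeleton or only a couple of edits away: likely a spoofed name.
        if skeleton(host) == skeleton(good) or edit_distance(host, good) <= max_distance:
            return f"lookalike of {good}"
    return "unknown"  # not saved and not close to anything saved; still not trusted


if __name__ == "__main__":
    for link in ("https://www.bankofamerica.com/", "https://bankofamerlca.com/login"):
        print(link, "->", classify(link))
```

Anything other than "trusted" means the link did not lead to a domain you saved yourself, which is the case the advice above tells you not to click through.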
The other attack can happen even if the website address is in fact correctly typed and has a green lock. This is a rare attack called SSL Forgery, where the lock appears green and valid, but the encryption to the website is in fact using a forged encryption certificate. This generally requires a hack of certification authorities. In the past, when those have happened and we've detected them, an update has been pushed out that removes the forged certificates. Those are, however, only the ones that we know of. This is rare, but it can happen. Not much can be done about these attacks, but if a website appears buggy or not fully functioning even though the lock is green, it might be a fake website, similar to the website spoofing above. Fortunately, this is not as common as Website Spoofing with similar domain names.