Georgia Tech Cyber Forensics Innovation Lab Studied 2.6 Million Certificates to Determine Correlation Between Online Crime and Sites with Extended Validation
In 2018, phishing attacks were attempted 482.5 million times, more than doubling the number of incidents in 2017. New research conducted by the Georgia Institute of Technology Cyber Forensics Innovation (CyFI) Laboratory confirms that a website with a company-branded address bar greatly decreases the chance of internet users falling victim to a malware attack or phishing (fraud) scam. Sponsored by Sectigo, the world’s largest commercial Certificate Authority (CA), the CyFI Lab’s research concluded that the presence of an Extended Validation (EV) SSL certificate represents a 99.987% likelihood that the site it represents is not associated with common forms of online crime.
The conclusion means that EV certificates play a critical, much-needed role in online trust by assuring consumers that the website they are visiting is legitimate and safe to interact with.
“Across the millions of domains with EV certificates that we studied, we found overwhelming evidence that EV certificates are highly indicative of a legitimate domain registered by a legitimate business,” explained Dr. Brendan Saltaformaggio, Professor & Director of the CyFI Lab, and co-author of the study, Understanding the Role of Extended Validation Certificates in Internet Abuse. “The probability that an EV SSL certificate is associated with a bad domain is less than 0.013%. Our findings reinforce the notion that consumers should view EV certificates as a browser security indicator for trusted domains.”
To conduct the study, researchers at the CyFI Lab cross-correlated a global repository of web domains with EV certificates against an aggregation of web domains associated with malware, suspicious activity blacklists, and underground marketplace communications. CodeGuard, a leader in website backup and recovery and a Sectigo brand, funded the study on a “no strings” basis, ensuring that CyFI was free to design and conduct the study and publish its own independent conclusions.
EV SSL Enables Consumers to Protect Themselves from Online Fraud
SSL certificates create a secure communication tunnel by encrypting the data sent between a client and server, or between two servers, to prevent cybercriminals from modifying data. When an active SSL certificate is present, users see a padlock (and never a “Not Secure” warning). There are three types of SSL certificates organizations use on their web pages:
- Good – Domain Validation (DV): The Certificate Authority confirms only that the registered domain is under the control of the certificate requestor. No other identifying information is validated or provided.
- Better – Organization Validation (OV): The Certificate Authority authenticates not only domain control, but also the identity of the legal entity or individual that requested the certificate. OV certificates provide a higher level of identity validation than DV certificates.
- Best – Extended Validation (EV): The Certificate Authority follows a uniformly high set of authentication procedures specified by the governing industry standards body to ensure that the true identity of the certificate holder is represented. Popular browsers display the authenticated company name in the address bar, often in the color green. EV represents the highest level of identity authentication an online business can receive.
“The presence of EV influences consumers’ perception of a brand or company,” said Tim Callan, Senior Fellow, Sectigo. “EV certificates are reliably authenticated using techniques that have proven effective through a decade of industry-wide use. EV is a powerful tool to protect consumers from phishing and communicates that an online business has elected to use premium security practices.”