Expired certs lead to phishing?


I have been reading the feeds lately. Recently, many feeds are showing reminders to renew certificates before expiry; failure to do that would risk hackers launching phishing attempts.

I have been wondering, how do cert expiry and phishing correlate? Apart from the warning from the browser, of course.

A valid certificate should be a kind of confirmation that the content you are looking at was made by the people serving the content.
With a MITM, a bad actor (let’s call her Mallory) could try to serve you content that was manipulated (for example, a password field that sends all input to Mallory’s server).
But if Mallory tries to reroute HTTPS without preparation, it will show an invalid certificate.
Thus, if a website owner is not making sure that the certificate is valid, there is no (easy) way for a user to know if the content served is safe and hasn’t been tampered with.
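
A site-owner-side check for the renewal reminders discussed in this thread, added here as an example and not part of any post: it classifies certificates by their validity window so a renewal is flagged before users ever see a warning. The hostnames, dates, fixed "current time" and 30-day threshold are constructed assumptions.

```python
import calendar
import socket
import ssl

RENEW_WINDOW_DAYS = 30  # assumed renewal threshold, not taken from the thread

# Constructed sample certificates, in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERTS = {
    "expired.example": {"notBefore": "May  1 00:00:00 2024 GMT", "notAfter": "May  1 00:00:00 2025 GMT"},
    "closing.example": {"notBefore": "Mar 17 00:00:00 2025 GMT", "notAfter": "Jun 15 00:00:00 2025 GMT"},
    "healthy.example": {"notBefore": "Jan  1 00:00:00 2025 GMT", "notAfter": "Dec  1 00:00:00 2025 GMT"},
    "future.example": {"notBefore": "Jul  1 00:00:00 2025 GMT", "notAfter": "Jul  1 00:00:00 2026 GMT"},
}
SAMPLE_NOW = calendar.timegm((2025, 6, 1, 0, 0, 0))  # constructed "current time" (UTC)


def classify(cert, now, window_days=RENEW_WINDOW_DAYS):
    """Return (status, whole days until notAfter) for a getpeercert()-style dict."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((not_after - now) // 86400)
    if now < not_before:
        return "not-yet-valid", days_left
    if now >= not_after:
        return "expired", days_left
    if days_left < window_days:
        return "renew-now", days_left
    return "ok", days_left


def report(certs, now):
    """Hosts sorted by urgency: fewest days remaining first."""
    rows = [(host, *classify(cert, now)) for host, cert in certs.items()]
    return sorted(rows, key=lambda row: row[2])


def fetch_cert(host, port=443, timeout=5):
    """Live lookup with normal verification; an already-expired certificate
    raises ssl.SSLCertVerificationError here, which is itself the alert."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for host, status, days in report(SAMPLE_CERTS, SAMPLE_NOW):
        print(f"{host:18} {status:14} {days:5d} days")
```

`fetch_cert` is not called on the sample data; pass its result to `classify` with `time.time()` as `now` to check a live host.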

