The probability that an EV SSL certificate is associated with a bad domain is 0.013%

In 2018, phishing attacks were attempted 482.5 million times, more than doubling the number of incidents in 2017.

New research conducted by the Georgia Institute of Technology Cyber Forensics Innovation (CyFI) Laboratory confirms that a website with a company-branded address bar greatly decreases the chance of internet users falling victim to a malware attack or phishing (fraud) scam.

CyFI Lab’s research concluded that the presence of an Extended Validation (EV) SSL certificate represents a 99.987% likelihood that the site it represents is not associated with common forms of online crime.

The conclusion means that EV certificates play a critical role in assuring consumers that the website they are visiting is legitimate and safe to interact with – playing a much-needed role in online trust.

“Across the millions of domains with EV certificates that we studied, we found overwhelming evidence that EV certificates are highly indicative of a legitimate domain registered by a legitimate business,” explained Dr. Brendan Saltaformaggio, Professor & Director of the CyFI Lab, and co-author of the study, Understanding the Role of Extended Validation Certificates in Internet Abuse.

“The probability that an EV SSL certificate is associated with a bad domain is less than 0.013%. Our findings reinforce the notion that consumers should view EV certificates as a browser security indicator for trusted domains.”

To conduct the study, researchers cross-correlated a global repository of web domains with EV certificates against an aggregation of web domains associated with malware, suspicious activity blacklists, and underground marketplace communications.

EV SSL enables consumers to protect themselves from online fraud

SSL certificates create a secure communication tunnel by encrypting the data sent between a client and server, or between two servers, to prevent cybercriminals from modifying data.

When an active SSL certificate is present, users see a padlock (and never a “Not Secure” warning). There are three types of SSL certificates organizations use on their web pages:

• Good – Domain Validation (DV): The Certificate Authority confirms only that the registered domain is under the control of the certificate requestor. No other identifying information is validated or provided.
• Better – Organization Validation (OV): The Certificate Authority authenticates not only domain control, but also the identity of the legal entity or individual that requested the certificate. OV certificates provide a higher level of identity validation than DV certificates.
• Best – Extended Validation (EV): The Certificate Authority follows a uniformly high set of authentication procedures specified by the governing industry standards body to ensure that the true identity of the certificate holder is represented. Popular browsers display the authenticated company name in the address bar, often in the color green. EV represents the highest level of identity authentication an online business can receive.

“The presence of EV influences consumers’ perception of a brand or company,” said Tim Callan, Senior Fellow, Sectigo.

“EV certificates are reliably authenticated using techniques that have proven effective through a decade of industry-wide use. EV is a powerful tool to protect consumers from phishing and communicates that an online business has elected to use premium security practices.”

Tips for staying secure and safe online

According to PhishLabs, more than half of all phishing sites now use SSL certificates (June 2019). To avoiding phishing scams when browsing a website online or opening a link in an email message, Sectigo recommends that consumers look for the full company name at the left of the address bar to ensure the site is really part of the intended online business.

In addition, a user should never input credit card numbers, personal information, logins, or other sensitive data on any web page that is not secured with a certificate (as indicated by a padlock in the URL).