When you don’t believe anyone in real life, How can you believe something on the internet? but, one can believe on websites configured with original certificate of privacy. As soon as someone sees the stamp of certification they flow their private information to the web portal but, should you believe in these certifications or not? Let’s first discuss, what are phishing websites? Those sites which knit traps for you in the form of duplicate websites, Phishing websites look similar to the original websites and after getting trapped your private information is leaked.
Now let’s see, How much these phishing websites can copy original website? We all know that these websites can easily copy the content of the original website, but, are these websites are capable of copying certification? If they could copy certification too, then they would look like a second copy of the original website.
But are these phishing websites capable of exploiting certificates? Is there is a possibility that if a phishing website uses the original certificate which was acquired by retrieving that website? It’s not possible because it does not have access to the original website’s private key. On the other hand phishing, the website can exploit original certificate by other means other than the original certificate. Is there any chance of differentiating between original website and phishing websites? Phishing websites will not ‘get caught’ because a user will not understand a correct certificate in the client’s browser.
There are two ways to spoof an original certificate. One is hacking a website get a private key and use it for phishing website and other is find some inappropriate SSL authority and get a certificate it doesn’t matter either you find the bug or apply social engineering, as a result you will have a valid certificate.