Since the security certificate on our main webserver was set to expire soon, I've been getting these email messages at webmaster@wou.edu saying "Reminder - SSL Certificate for www.wou.edu expires in 5 Days", counting down every day until the expiry date. I didn't pay attention to them at first, because I already knew the cert was about to expire. Then after we renewed the cert (Thanks, Summer!) the messages still kept showing up.
I took a closer look and found out that the messages don't even come from Thawte, our usual certificate vendor, but from some place called "certstar.com". They pretended our expiring certificate came from them, though, and told us we should renew it by clicking the handy-dandy link they provided.
Well, I wasn't born yesterday, so I didn't touch the link, but I was curious enough to go to their main site. It looks reasonably professional, but they don't secure it with one of their own certificates; they got one from Comodo instead. That's a real red flag. For all I know, they just take the money and run. Even if they have legitimate certificates to sell, it's really slimy to send those deceptive emails to people.
I wonder how many people out there have gotten fooled?
Leave a comment