Trust not the 'trust' seals, Symantec warns

Veronica C. Silva | Sept. 29, 2011
Fake trust seals with fake URLs abound with juicy deals.

Yes, the warning is true. Do not trust offers just because they carry trust seals: some of those seals may be fake, warned security experts at Symantec.

A new tactic employed by cyber criminals recently is to direct victims to a phishing site containing fake trust seals. Once on the page, the victims are lured into submitting their billing and personal information and credit card details, supposedly to complete their purchase. This is one way to steal crucial information from the victim for financial gain, Symantec said.

The official Symantec blog site said the phishing scheme was noticed last August, with phishers offering "summer offerings" and discounts of up to 80 percent.

Symantec said the phishing site also disguised itself as a well-known software company and offered associated software products at discounted rates.

At the bottom of the page where the personal and credit card information are collected, there is a fake trust seal that leads to a fake site with a fake URL. The URL can be distinguished because it contains sub-domain randomisation. An example of this URL format is http://www.<software security company>.com.<fake domain>.com.
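A defensive check for the URL format described above, as an added example that is not from Symantec or the original article: it classifies the link behind a seal by reading the hostname from right to left, since the rightmost labels decide who owns the host. `example.com` stands in for the seal provider's real domain, and the function names, allow-list and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: example.com stands in for the seal provider's domain.
TRUSTED_SEAL_DOMAINS = {"example.com"}


def host_labels(url):
    """Return the lower-cased hostname of url, split into DNS labels."""
    host = urlsplit(url).hostname or ""  # drops scheme, userinfo, port, path
    return [label for label in host.rstrip(".").split(".") if label]


def classify_seal_link(url, trusted=TRUSTED_SEAL_DOMAINS):
    """Classify the link behind a trust seal.

    'trusted'   - host is a trusted domain or one of its subdomains
    'lookalike' - a trusted domain appears inside the host, but the host
                  belongs to a different parent domain (the pattern above)
    'unknown'   - no trusted domain appears in the host at all
    """
    labels = host_labels(url)
    verdict = "unknown"
    for domain in trusted:
        want = domain.lower().split(".")
        n = len(want)
        if labels[-n:] == want:
            return "trusted"  # the rightmost labels decide ownership
        # Trusted labels found further left are only a decorative prefix.
        if any(labels[i:i + n] == want for i in range(len(labels) - n)):
            verdict = "lookalike"
    return verdict


# Constructed sample links (reserved example domains only).
SAMPLE_LINKS = [
    "https://seal.example.com/verify?site=shop",
    "http://www.example.com.rnd4821.example.net/seal",
    "https://notexample.com/seal",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_seal_link(link), link)
```

Matching is done on whole DNS labels, so a host such as `notexample.com` is not mistaken for the trusted domain, and a host that merely begins with the trusted name is reported as a lookalike.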

Spot the difference

"A legitimate trust seal is a seal provided to Web pages by a third party, typically a software security company, to certify that the website in question is genuine. Clicking on a trust seal will pop up a window provided by the third party, which contains details of the site name and the encryption data used to secure the site," Symantec said.

To avoid falling victim to this latest scheme, Symantec advises consumers to be wary of suspicious e-mails and links, and to avoid providing personal information when replying to an e-mail. Consumers should also avoid pop-up pages or screens.

Symantec said a trusted site can be distinguished by the following features:

- an SSL certificate,

- a padlock icon,

- the letters "https" in the URL, or

- the green address bar.

