
The Importance of Machine Identities in Detecting Look-alike Sites

January 23, 2019 | Chris Bailey, Entrust Datacard

Every year, we think next year we'll have solved the phishing problem, but it just seems to be a pesky problem that doesn't go away. In fact, Venafi recently released a study that revealed that the total number of certificates for look-alike domains is more than 200% greater than the number of authentic retail domains.

Using fake domains that substitute a few characters in the URLs, cyber attackers can point to malicious online shopping sites that mimic legitimate, well-known retail websites. As a result, it has become increasingly difficult for customers to detect the fake domains, especially because many of these malicious pages use an anonymous TLS certificate, so they appear to be safe for online shoppers who unknowingly provide sensitive account information and payment data.

Because anonymous TLS certificates can lead to a false sense of security, it’s critical that consumers are educated about the importance of valid machine identities. Highly secure websites, such as those from a bank, will have a special indicator in the browser. This indicator will display the name of the organization and often the country it's associated with. It’s a relatively easy way for the average person to look and see if they're actually connected to their real bank. Here are actual examples of what is displayed in the address bar of the Google Chrome web browser for a highly secure website vs an anonymous TLS website.

Example 1: Address Bar of Google Chrome showing the actual Bank of America Corporation website with organization name and country

Example 2: Address Bar of Google Chrome showing a website using an anonymous TLS certificate which only shows website address

Here’s a video on how to identify a secure website with an EV certificate for other browsers.


Highly secure websites are able to offer this additional level of confidence because they encrypt their pages using an extended validation certificate. But before we talk about how it works, it’s important to understand the factors that contributed to the creation of this higher level of validation.

Going back into the '90s, the lock symbol first started to appear. We were trained to look for the lock symbol. When users saw the lock symbol, they felt the website was safe. Over time, the lock symbol has evolved, and does not actually mean the same thing as it did before. Back then, it was a good idea to look for the lock symbol. But today, the lock symbol really just means that the website is encrypted. When you see sites with the lock symbol, you know it's encrypted. But, as we’ve seen with look-alike sites, encryption alone is not enough.

To better determine whether a website is valid, consumers need to see additional identity information associated with the owner of the website. For example, if a visitor sees the organization name right there beside the lock symbol, they will know the site has gone through a higher level of verification. That verification involves the organization being vetted by a third party called a certification authority (CA), and the process is pretty thorough.

Before granting an extended validation certificate, the CA will try to establish that the company is legitimate and in good standing. The CA will also try to prove that the entity requesting that identity has the right to do so. It's a very different process from getting a simple anonymous certificate.

Bottom line, extended validation makes it difficult to spoof a valid website. Higher levels of identification mean that it’s harder for the person who is requesting a certificate to hide. Most do not want to be identified if they are, indeed, trying to do something fraudulent because they will just create a forensic trail for themselves.

The most important element of extended validation is that the information being displayed comes from the validating organization (the CA), not from the people operating the website. Indeed, the organization’s identity is cryptographically bound to the digital certificate. To further bolster confidence, the CA continues to attest, via revocation services, that the certificate is still in good standing over time.
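The two signals discussed above, a hostname that differs from the real one by a few characters and a certificate subject with no organization identity, can be checked together. This is an added example, not code from the original post: it reads dicts shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the hostnames, organization, folding table and `review` helper are all constructed for illustration. A subject without `organizationName` corresponds to the post's "anonymous" certificate; an organization name on its own does not show that a certificate is extended validation.

```python
# Added example; every hostname and organization below is constructed.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # illustrative, not exhaustive

def skeleton(label):
    """Fold common look-alike substitutions so 'examp1e' and 'example' compare equal."""
    return label.lower().translate(FOLD).replace("-", "").replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def subject_org(cert):
    """Return the subject organizationName, or None for a domain-only certificate."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def review(cert, protected, max_dist=2):
    """List (host, brand, distance, organization) for SAN names that imitate a protected domain."""
    findings, org = [], subject_org(cert)
    for kind, host in cert.get("subjectAltName", ()):
        host = host.lower().rstrip(".")
        if kind != "DNS" or any(host == p or host.endswith("." + p) for p in protected):
            continue  # not a DNS name, or the real domain / one of its subdomains
        # Naive registrable label; production code should use the Public Suffix List.
        label = host.split(".")[-2] if "." in host else host
        for brand in protected:
            dist = edit_distance(skeleton(label), skeleton(brand.split(".")[0]))
            if dist <= max_dist:
                findings.append((host, brand, dist, org))
    return findings

PROTECTED = ["examplebank.example"]
GENUINE = {"subject": ((("countryName", "US"),), (("organizationName", "Example Bank Corporation"),),
                       (("commonName", "www.examplebank.example"),)),
           "subjectAltName": (("DNS", "www.examplebank.example"), ("DNS", "examplebank.example"))}
LOOKALIKE = {"subject": ((("commonName", "examp1ebank.example"),),),
             "subjectAltName": (("DNS", "examp1ebank.example"), ("DNS", "www.exarnplebanc.example"))}

if __name__ == "__main__":
    for cert in (GENUINE, LOOKALIKE):
        print(review(cert, PROTECTED) or "no look-alike names")
```

A finding whose organization field is `None` is a look-alike name on a domain-only certificate, which is the combination the post warns about.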

Extended validation has proven to be a great security differentiator for websites that require high levels of privacy and security. Any website that collects personal or financial information should be held to this higher standard for strong machine-to-machine connections and communications. Machine identities are integral to this process and savvy organizations will go the extra mile to protect these high-value credentials.

How secure are the machine identities on your public-facing websites?

About the author

Chris Bailey, Entrust Datacard

Chris Bailey is the VP of Strategy and Business Development at Entrust Datacard. He has a demonstrated history of leading and growing cybersecurity software and service organizations.
