If you have come across malware signed with a Sectigo- or Comodo-issued Code Signing certificate please send as much detail as possible to: [email protected]
Helpful details include:
If you need to report abuse related to a Sectigo- or Comodo-issued SSL/TLS Certificate such as fraud, phishing, etc. please send as much detail as possible to: [email protected]
Helpful details include:
Many companies purchase Extended Validation (EV) certificates so that visitors to their websites have the added trust assurance that the company has undergone extensive validation to verify that the organization is legally registered and active and has exclusive right to use the domain specified in the EV Certificate, that the certificate has been authorized by the organization, and that the organization is not on any government blacklists.
Certificate Authorities like Sectigo do not regulate in any way whatsoever the content of a particular web site, nor do they control or monitor the business practices of any web site operator. Specifically, a Certificate Authority cannot moderate or adjudicate transactions where the consumer has been misled or where the site owner has acted badly.
Ultimately, consumers must decide which vendors to trust on-line before conducting any sort of business with that website.
There are many phishing (fake) websites out there that are made to look like real businesses. Most scammers and phishers use low level certificates on these sites. Therefore, accessing a site with a valid low-level certificate displaying “Secure” in the URL is not an indication that you are safe from phishing attacks. All certificate authorities issue these low-level certificates and they are not intended to be used on websites that take consumers’ personal information or facilitate online financial transactions. Businesses that want to provide their customers with a safe online experience use Extended Validation certificates
Mitigate your risk by restricting your transactions to sites that use an EV certificate, as indicated above. An EV protected website tells the consumer that this is a real business and has been scrutinized by a certificate authority. If you do not see the name in green you may or may not be on a real website regardless of how legitimate the site appears.
If you need to report abuse related to a Sectigo issued Qualified Certificate such as fraud, phishing, etc. please send as much detail as possible to: [email protected]
Helpful details include:
QWAC: