If you have come across malware signed with a Comodo CA-issued Code Signing certificate, please send as much detail as possible to: firstname.lastname@example.org
Helpful details include:
If you need to report abuse related to a Comodo CA-issued SSL/TLS Certificate, such as fraud, phishing, etc., please send as much detail as possible to: email@example.com
Comodo CA is a leading Certification Authority that helps enterprises and consumers address digital ecommerce needs with reliable solutions that authenticate digital transactions and identities. A properly installed and configured SSL/TLS certificate identifies the website and ensures that transactions between that website and the consumer are encrypted and safe from third-party influence. The most common of these is the low-level Domain Validation (DV) certificate, which is identified by the use of “Secure | https://” in the site URL. Industry rules for a Domain Validated (DV) certificate require proof that the requesting person has control of the website, and that the data between the browser and web server is encrypted.
Many companies purchase Extended Validation (EV) certificates so that visitors to their website have the added trust assurance that the company has undergone extensive validation to verify that the organization is legally registered and active, has the exclusive right to use the domain specified in the EV Certificate, that the certificate has been authorized by the organization, and that the organization is not on any government blacklists.
An EV protected website looks like this in your browser:
Your browser will display the name of the company you are doing business with, as registered with their government, in green font. This will replace or augment the domain name. Please note that a minority of browsers, such as Chrome on Android OS, may not display the company name. For your important transactions, consider using a browser which supports EV.
Certificate Authorities like Comodo CA do not regulate in any way whatsoever the content of a particular website, nor do they control or monitor the business practices of any website operator. Specifically, a Certificate Authority cannot moderate or adjudicate transactions where the consumer has been misled or where the site owner has acted badly.
Ultimately, consumers must decide which vendors to trust online before conducting any sort of business with that website.
There are many phishing (fake) websites out there that are made to look like real businesses. Most scammers and phishers use low-level certificates on these sites. Therefore, accessing a site with a valid low-level certificate displaying “Secure” in the URL is not an indication that you are safe from phishing attacks. All certificate authorities issue these low-level certificates, and they are not intended to be used on websites that take consumers’ personal information or facilitate online financial transactions. Businesses that want to provide their customers with a safe online experience use Extended Validation (EV) certificates. That certificate will display the company name in green.
Mitigate your risk by restricting your transactions to sites that use an EV certificate, as indicated above. An EV protected website tells the consumer that this is a real business and has been scrutinized by a certificate authority. If you do not see the name in green, you may or may not be on a real website, regardless of how legitimate the site appears.