This is a real-world example of how an EV Certificate has helped prevent potential identity theft via a stolen iPhone.
Extended Validation (EV) Certificates are issued to companies that have completed additional vetting: proving that they are a registered company or organisation, that they have publicly listed contact information and that they own the domain in question. Those who run phishing campaigns will be unable to obtain an EV Certificate.
While the targeted user is a professional, the use of an EV Certificate by Apple made it much more obvious that something was wrong. We have discussed before why companies need to consider making it commonplace to use EV on important login pages. It provides the user with a first real clue that something could be wrong.
If you receive an email with a link to a login page, follow these tips to stay safe.
- Hover over the link in your email. The real URL should appear on screen. Is this where you normally log in?
- If in doubt, go to your local bookmark of the login page. Use this to log in and check for messages.
- Ensure that the login page is using HTTPS and, if it has done so previously, that an EV Certificate is present showing the company identity.