Dear Colleagues,

As you are aware, one of the basic tenants of safe web browsing is to check for a closed lock icon in the address bar before you enter sensitive information (passwords, credit card info, etc.) or purchasing items online. A closed lock provides a visual cue that the website is protected by a security certificate that encrypts communication between the browser and the website’s server.

If a website’s security certificate is expired, browsers display a message stating that the connection to that website is less secure and/ or its legitimacy cannot be verified. Users are highly discouraged from interacting with websites that have expired certificates because the unencrypted information is easily intercepted and the website itself could be fraudulent.

Unfortunately, cybercriminals have started taking advantage of this behavior. By displaying a fake expiration message on a compromised website, bad actors try to lure victims into installing a new certificate when, in fact, the browser downloads malware. The more nefarious versions of this malware steal user names and passwords, capture keystrokes, record background sound, and take screenshots of user activity.

Important: website security certificates are devised to be installed on the server of the website, NOT on a user’s computer. If you see a security certificate expiration message on a website and it asks you to install a new one, do NOT try to install it.

As bad actors continue to devise new schemes to steal our personal information or install malware on our computers, we must continue to be mindful in our daily interactions with technology.

If you have any questions regarding this advisory, please feel free to email the Office of Information Security.