Update: This article was published in April 2017. Up-to-date statistics on TLS certificates used for phishing can be found at Netcraft’s Phishiest Certificate Authorities page. Certificate Authorities are still issuing tens of thousands of certificates for domain names obviously intended for use in phishing and fraud. Fraudsters are mostly using just two CAs — Let’s Encrypt and Comodo domain-valid
![Let's Encrypt and Comodo issue thousands of certificates for phishing | Netcraft](https://cdn-ak-scissors.b.st-hatena.com/image/square/99a1ea7f537cc93ed90028e088964c8c4b489a57/height=288;version=1;width=512/https%3A%2F%2Fwww.netcraft.com%2Fwp-content%2Fuploads%2F2023%2F05%2Fdefault-thumb.png)