It’s a scam.
The caller is using scare tactics to intimidate our clients and others.
5 of our clients, so far, have received a voicemail from the same number.
Hang up and block the number if you receive a similar call.
How The Caller Knows About Your SSL
If you’re using Chrome, go to your website, click the padlock to the left of your domain, and click “certificate.” It looks like:
That makes them easy targets for scammers selling their own SSL service. They can see when a website’s certificate is expiring and intimidate the owner into buying the scammer’s SSL certification.
The scammer may not even be checking the SSL certificate on a particular website. They may be scraping phone numbers and trying their luck by calling every number they collect.
Don’t give them your information.
You Will (Likely) not be Notified About SSL Renewal by Phone
“Hi ____, my name is _____ I’m calling in regards to an expiring SSL certificate for URL — the current one in your Go Daddy certificate on the site to set to expire tomorrow around 4 o’clock Pacific standard time. Once it does, the site will start loading with the privacy error message. If you’d like to get that certificate renewed beforehand you can give me a call back on my direct line at 626-508-1560. Thanks and have a nice day.”
The person calling may even be running a real business. Their marketing tactic is what’s unethical. Their vague language suggests that they’re the website’s SSL provider.
In reality, they’re independent and they’re calling people who aren’t familiar with SSL to sell them their company’s services.
Determining if an SSL Renewal Notification is Real
Many people implement SSL through their hosting company, such as GoDaddy, Namecheap, Siteground, or Bluehost. If that’s the case all you have to do is log in to your hosting account on the provider’s website to renew the certificate.
Free certificates issued through Let’s Encrypt automatically renew.
If you’ve implemented through another company then you will likely receive an email from them if it’s time to renew.
However, be aware that some scammers do try phishing by email.
Do not click links within an email if you’re unsure.
Always go to your provider and log in to the website directly to be safe.
Our Clients Don’t Need to Worry About Renewing Their SSL
If you work with us and receive a phone call or email, ignore it or let us know.
We implement free SSL from Let’s Encrypt which automatically renews every 3 months, or we implement SSL through GoDaddy and Sucuri which also automatically renews.
If you receive a phone call or email and feel hesitant feel free to contact us.