Scammers Are Calling About SSL Renewal

One of our clients received a phone call pretending to be their website’s SSL certificate provider. The caller went on to explain that our client’s website would experience issues if they didn’t renew.

It’s a scam.

The caller is using scare tactics to intimidate our clients and others.

5 of our clients, so far, have received a voicemail from the same number.

Hang up and block the number if you receive a similar call.

How The Caller Knows About Your SSL

Anybody can view a website’s SSL certificate.

If you’re using Chrome, go to your website, click the padlock to the left of your domain, and click “certificate.” It looks like:
In Firefox, click the padlock, and then the arrow next to “Connection Secure,” and then “More information” to view the certificate. It looks like:
An SSL certificate is public because it’s a sign of public trust. In other words, an SSL certificate tells the world that your website is safe to browse.

That makes them easy targets for scammers selling their own SSL service. They can see when a website’s certificate is expiring and intimidate the owner into buying the scammer’s SSL certification.

The scammer may not even be checking the SSL certificate on a particular website. They may be scraping phone numbers and trying their luck by calling every number they collect.

Don’t give them your information.

You Will (Likely) not be Notified About SSL Renewal by Phone

Here’s the script the spammer used for one of our client’s websites:

Hi ____, my name is _____ I’m calling in regards to an expiring SSL certificate for URL — the current one in your Go Daddy certificate on the site to set to expire tomorrow around 4 o’clock Pacific standard time. Once it does, the site will start loading with the privacy error message. If you’d like to get that certificate renewed beforehand you can give me a call back on my direct line at 626-508-1560. Thanks and have a nice day.

The person calling may even be running a real business. Their marketing tactic is what’s unethical. Their vague language suggests that they’re the website’s SSL provider.

In reality, they’re independent and they’re calling people who aren’t familiar with SSL to sell them their company’s services.

Determining if an SSL Renewal Notification is Real

If your website’s SSL certification is going to expire you will likely receive an email from your provider.

Many people implement SSL through their hosting company, such as GoDaddy, Namecheap, Siteground, or Bluehost. If that’s the case all you have to do is log in to your hosting account on the provider’s website to renew the certificate.

Free certificates issued through Let’s Encrypt automatically renew.

If you’ve implemented through another company then you will likely receive an email from them if it’s time to renew.

However, be aware that some scammers do try phishing by email.

Do not click links within an email if you’re unsure.

Always go to your provider and log in to the website directly to be safe.

Our Clients Don’t Need to Worry About Renewing Their SSL

At Counseling Wise, we keep you and your website safe without worrying about the hassle of renewing SSL.

If you work with us and receive a phone call or email, ignore it or let us know.

We implement free SSL from Let’s Encrypt which automatically renews every 3 months, or we implement SSL through GoDaddy and Sucuri which also automatically renews.

If you receive a phone call or email and feel hesitant feel free to contact us.

More Posts

Animal-Assisted Therapy Throughout the US

Animal-Assisted Therapy Throughout the US Alabama Alaska Arizona Arkansas California Colorado Connecticut Delaware Florida Georgia Hawaii Idaho Illinois Indiana Iowa Kansas Kentucky Louisiana Maine Maryland Massachusetts Michigan Minnesota Mississippi Missouri Montana Nebraska Nevada New Hampshire New Mexico New York New Jersey North Carolina North Dakota Ohio Oklahoma Oregon Pennsylvania Rhode Island South Carolina South Dakota

What Private Practices Can Learn From Google’s Leak (And What To Do About It)

In light of Google’s recent leak—which has been interesting to say the least—we’ve learned a lot, particularly how Private Practices can take advantage of what’s been revealed to refine their sites and improve their rankings.  Happy for us, 90% of the leak confirmed what we already do. (Previously we had to base our strategy on experiment

AI in Search: Google’s Latest Update and Its Impact on Private Practices

On May 15, 2024, Google integrated AI into their search results for everybody. What this means is, if you head to Google and search for something like “anxiety,” you may now see an AI overview at the top of the results, which for me just defines the term. We’ve known this integration was coming for

It’s Not Just You: GBP Verification Sucks

Google Business Profile (GBP) verification can be an extremely frustrating process, and it’s likely to become more frustrating, especially since Google is increasingly relying on video verification. And not just for Private Practices. No matter the industry, Google is a pain. Even businesses that have been around for years are being forced to reverify their

Scroll to Top