Scammers Are Calling About SSL Renewal

One of our clients received a phone call pretending to be their website’s SSL certificate provider. The caller went on to explain that our client’s website would experience issues if they didn’t renew.

It’s a scam.

The caller is using scare tactics to intimidate our clients and others.

5 of our clients, so far, have received a voicemail from the same number.

Hang up and block the number if you receive a similar call.

How The Caller Knows About Your SSL

Anybody can view a website’s SSL certificate.

If you’re using Chrome, go to your website, click the padlock to the left of your domain, and click “certificate.” It looks like:
In Firefox, click the padlock, and then the arrow next to “Connection Secure,” and then “More information” to view the certificate. It looks like:
An SSL certificate is public because it’s a sign of public trust. In other words, an SSL certificate tells the world that your website is safe to browse.

That makes them easy targets for scammers selling their own SSL service. They can see when a website’s certificate is expiring and intimidate the owner into buying the scammer’s SSL certification.

The scammer may not even be checking the SSL certificate on a particular website. They may be scraping phone numbers and trying their luck by calling every number they collect.

Don’t give them your information.

You Will (Likely) not be Notified About SSL Renewal by Phone

Here’s the script the spammer used for one of our client’s websites:

Hi ____, my name is _____ I’m calling in regards to an expiring SSL certificate for URL — the current one in your Go Daddy certificate on the site to set to expire tomorrow around 4 o’clock Pacific standard time. Once it does, the site will start loading with the privacy error message. If you’d like to get that certificate renewed beforehand you can give me a call back on my direct line at 626-508-1560. Thanks and have a nice day.

The person calling may even be running a real business. Their marketing tactic is what’s unethical. Their vague language suggests that they’re the website’s SSL provider.

In reality, they’re independent and they’re calling people who aren’t familiar with SSL to sell them their company’s services.

Determining if an SSL Renewal Notification is Real

If your website’s SSL certification is going to expire you will likely receive an email from your provider.

Many people implement SSL through their hosting company, such as GoDaddy, Namecheap, Siteground, or Bluehost. If that’s the case all you have to do is log in to your hosting account on the provider’s website to renew the certificate.

Free certificates issued through Let’s Encrypt automatically renew.

If you’ve implemented through another company then you will likely receive an email from them if it’s time to renew.

However, be aware that some scammers do try phishing by email.

Do not click links within an email if you’re unsure.

Always go to your provider and log in to the website directly to be safe.

Our Clients Don’t Need to Worry About Renewing Their SSL

At Counseling Wise, we keep you and your website safe without worrying about the hassle of renewing SSL.

If you work with us and receive a phone call or email, ignore it or let us know.

We implement free SSL from Let’s Encrypt which automatically renews every 3 months, or we implement SSL through GoDaddy and Sucuri which also automatically renews.

If you receive a phone call or email and feel hesitant feel free to contact us.

More Posts