This week (Mid May 2015) some clients that are hosted with Hostgator were getting emails saying they should be putting in place a SSL Certificate for their site and to click a link in the email to go and buy a SSL Certificate from Hostgator.
This turned out to be a phishing email.
The content of the email is as shown below.
Block the bad guys. Prevent hackers, spies and thieves from gaining access to sensitive information. Positive SSL encryption establishes a secure connection between your server and any visitor’s web browser, and keeps personal data private. Your SSL security icon lets visitors know their data and transactions are always safe on your site.
Build Customer Confidence with Positive SSL.
Encrypt credit card data.
Protect passwords and confidential information.
Secure online payments and form submissions.
Standout with Google!
Recently Google made a change to their algorithm that prioritizes rankings for websites with SSLs. Make sure you aren’t penalized by ordering an SSL today!
So, is it now true that google will penalise us for not having SSL on a non money generating site.
and 2, do we really need SSL on every site we produce?
Suspicions were that the email was NOT legitimate because of the email address that the email came from.
The email address was firstname.lastname@example.org ( it was the e. that gave it away when it should have been hostgator.com (Not e.hostgator.com)
So we contacted Hostgator to confirm this and a reply was sent saying that,
The email you received which claimed to be from HostGator was actually a targeted phishing campaign against our customers. This phishing campaign’s goal was intended to obtain cPanel usernames and passwords from our clients. These emails are not from us at HostGator. Email addresses also appear to be obtained using public WHOIS information. Please do not click on any content within these emails.
So to answer the question of “Do I need an SSL Certificate on my site?”
The answer is mostly a no at this point.. with a catch.
Google does now use SSL as a ranking signal, but it accounts for a very small amount at present, with the potential it might mean more in the future as we move to a SSL-everything world.
You definitely don’t *need* SSL on every site you create, but it can lead to a perceived higher amount of trust by consumers, even if only using something like CloudFlare’s free-ssl offering.
Generally you only need an SSL for your site if you are passing money through it.
So if you are looking at taking payments thru your site then yes..
Payments as in when you ‘connect’ to the bank etc.
Not Bpay as that is done from within the bank of the buyer and not paypal as they are also secure.
So as the image says in the email we got, “Stop Evil Do’ers” HaHa what a laugh as these turkeys are the Evil Doers themselves.
Please Please be very careful of any emails you get from anyone with links in them. Dont assume that the email is legit. Like this one it was sent to gain access to your hosting account.