Comment on What is stopping a scammer from HTTPS certificating a "nonsense.ReputableBank.com"

Tarogar@feddit.org ⁨1⁩ ⁨week⁩ ago

There were some rather in detail answers already to which I could add. But instead I am going with a more simple answer that is hopefully also good.

Basically, bad actors want to stay undetected if possible. Like staying in dark places with dark clothing and not making noise. trying to get your own subdomain is more like wearing a high Vis jacket, having Christmas lights on you and broadcasting your presence with a loudspeaker with something like “catch me if you can!” on repeat.

Or even simpler: getting detected is bad for bad actors, doing that is one great way to get detected, they know that so they don’t do that.

Or metaphorically: a drop of water in the ocean won’t get noticed, rain in the desert will.

At the end of the day it’s not about what you can do but if you should do that.

source
Sort:hotnewtop