Phishiest Certificate Authorities

This table show the top 10 phishiest certificate authorities, based on the number of currently blocked phishing sites with an associated valid, trusted SSL certificate where the CA has had a chance to review the deceptive domain name or host name. For example, we do not include a block of as the associated certificate is valid for *

Find out more about Netcraft's Services for Certificate Authorities, including Phishing Alerts for CAs, Deceptive Domain Scoring, and Pre-Issuance certificate checking.

Certificate Authority Phishing Certificates Currently Blocked
Comodo 1356
Let's Encrypt 1293
GoDaddy 53
StartCom 26
Symantec 23
GlobalSign 19
Actalis S.p.A./03358520967 14 4
WoSign 3
Amazon 1

Note: Authorities are ranked by the number of certificates blocked.

This graph shows the number of phishing SSL certificates on each day over the last month, broken down by CA.