Criminals are getting better and more active when it comes to phishing, especially with the use of phishing that claims to be a website from a financial institution. Criminals are now also using certificate authorities (CAs), that give their illegitimate website the green padlock that once gave users a sense of safety. Bob Maley, Chief Security Officer at Normshield said, "free CAs like LetsEncrypt has helped small organizations but with significant unintended consequences. The shift to using domains with certificates changes the game." It is recommended that users search for URLs that are likely to be used by a legitimate business for transactions and to be vigilant when visiting websites.