Valid SSL Certificates Used On Phishing Site

UnderAttack writes about the Washington Post SecurityFix blog has a Phishing article about a new and sophisticated scheme for phishing. The email not only used the first few digits of the users card number to look more plausible (even though the first part of the number is the same for all cards), but it also used a valid SSL certificate for its domain name."