
Don’t be fooled, the padlock doesn’t mean that you are safe

We’re talking about this little guy right here:

The short of it is that a padlock is your browser telling you that all communications between you and this website are securely encrypted. It’s designed to help you recognize sites that aren’t secure, such as fake banking websites. So, while it means that your connection is secure, that is not the same thing as being safe.

Back when encryption was expensive and time-consuming, the bad guys didn’t spend much effort adding certificates for their fake sites. Why? Because there was no reason to. These days, the average consumer has become a little more tech-savvy thanks to security experts raising awareness on the issue. In that respect, we’ve all been told repeatedly: look for that padlock! You’re safe if the padlock is there. Well, now the bad guys have a reason to add encryption. That’s great! The bad guys have to work a bit harder to trick more people.

Padlocks everywhere

However, half of all phishing sites now have a padlock. Suddenly, it’s not as clear-cut as it used to be. This is what the bad guys capitalize on: confusion. So, let’s consider the following. Are these both safe?

Secure? Yes. Safe? Probably not. This is the difference: for notchase.com, your communications with the bad guy’s server are now secure! Hooray! (This actually makes it worse for the victim because most methods of detecting information theft can’t see through the encryption.) So, this way you’re only delivering your banking credentials to the bad guys in a secure fashion.

They look safe, sure. But again, all the padlock means is that communications between you and the recipient (website) are encrypted and then decrypted by the recipient.

What can you do?

What do you do about it? Still make sure that padlock is there, but also check the full domain name. If you click on a link that should be from Chase.com but it takes you to NotChase.com, you should be suspicious. If you aren’t sure about something, call them. Corporations are happy to help you determine if their customers are being tricked because it helps them get rid of the bad guys.
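The two checks described above (padlock, then full domain name) can be written down as a small script. This is an added example, not code from the author; it goes a little beyond the Chase.com/NotChase.com case to cover sub-domain, `user@` and near-miss spelling variants, and every sample link except notchase.com is constructed. The function names and the one-letter spelling threshold are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str, expected: str) -> tuple[bool, str]:
    """Return (encrypted, verdict) for a link that claims to go to `expected`.

    `expected` is the domain the user knows to be right, e.g. "chase.com".
    The two answers are independent: encryption says nothing about ownership.
    """
    parts = urlsplit(url)
    encrypted = parts.scheme.lower() == "https"   # what the padlock reports
    # .hostname drops any "user@" prefix and the port, and lowercases the name
    host = (parts.hostname or "").rstrip(".")
    expected = expected.lower()
    if host == expected or host.endswith("." + expected):
        return encrypted, "expected"
    brand = expected.split(".")[0]                # "chase"
    near_miss = any(edit_distance(label, brand) <= 1 for label in host.split("."))
    if brand in host or near_miss:
        return encrypted, "lookalike"             # brand name on someone else's domain
    return encrypted, "unrelated"

# Constructed sample links; only notchase.com comes from the article.
SAMPLES = [
    "https://www.chase.com/login",
    "https://notchase.com/login",
    "https://chase.com.account-verify.example/login",
    "https://chase.com@signin.example/login",
    "https://www.chasse.example/login",
    "http://www.chase.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link, "chase.com"), link)
```

Every `https` sample reports `encrypted` as true, yet only the first one ends in the expected domain: what matters is the right-hand end of the host name, not where the brand appears in the address.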

Images courtesy of the author and WikiMedia Commons

Mason

Solid entry Alex.

Susan B

Thanks, Alex. That actually did happen to me when I tried to access my investment site. A screen came up and kept asking for information that it never asked for before. It jumped me off the site and asked me to re-enter other info besides my log in codes. I called the company while I had the screen up. I had taken some screen shots of the various requests. They said they were not aware of any problem that would cause me to have to reenter. I emailed their cyber department at their request and sent them the screen shots.…

susanh

Thank you, Alex. This information is much appreciated.

rynosbucket

Hmmm. Weird. When did wellsfargo change their spelling to wellsfarga??? Oh well. I’ll just enter all of my info anyway. 😀 Shoooot!!!

Mic-Mac

Always find your cyber security articles helpful Alex. Thank you. Much appreciated.
