Don’t rely solely on HTTPS, warns FBI

The FBI has warned Internet surfers not to automatically trust websites just because their address begins with the HTTPS prefix, since this in itself is not a sure sign that a website is legitimate.

Providing cyber security advice can often be a tricky business.

We can spend a great deal of time emphasizing the importance of features such as HTTPS in the cyber security world, and why it is important to look out for this prefix when entering information into a website.

However, as the FBI have warned this week, the consequence of this is that Internet surfers may assume that HTTPS is – by itself – an automatic indicator that the website they’re on is safe and legitimate.

That is sadly not the case.

Yes, HTTPS is a good thing. If a website address begins with this (instead of just HTTP) then the information entered into that website is encrypted, and can only be decrypted when it reaches its intended destination. So, no eavesdropping. The S in HTTPS stands for secure, after all. That’s all good. And yes, if you’re entering information into a website, please make sure that S is there.


However… But… Yet… HTTPS isn’t the be-all-end-all, sure-fire indicator that a website is the real deal. Especially when it is the only indicator used by a website visitor to determine if something is a scam.

To get that coveted S to appear on your website prefix, the website owner needs a TLS security certificate. The problem is that these are not hard to obtain. And crooks are exploiting our trust in HTTPS by acquiring TLS security certificates in order to make their scam websites appear legitimate. The visitor then sees the S, remembers that article they read a while ago about how the S is a good thing, and ergo falsely assumes the website they are on is safe.

Oh dear.

So, as we state above, the S means the information you enter into a website is encrypted as it’s sent across cyberspace. But it doesn’t mean the website you’re on is legitimate. You can still be on an imposter website that just so happens to be safely encrypting your data, but still sending it to a cyber-crook.


Like we said, cyber security can be a tricky business. It is important not to place too much trust in a single indicator when determining if something is a scam. For example, if a web domain is over two years old, this is generally considered a good thing since most scam websites operate for a shorter period of time. But this in itself isn’t a sure-fire indicator that the website is legitimate.

Or, for example, if a website accepts Visa payments, this is a good sign. But again, not a sure-fire indicator that a website is safe.

Remember, if you’re on a website and you’re not sure you can trust it, look for a combination of different things. Yes, there might be an S in the prefix, but is the domain spelled correctly? Does the URL say what it should say? For example, if you’re on a Facebook login page, does the URL say Facebook.com or is it something different?

Also, use good security habits such as a good password manager (which may recognise spoof or scam websites) or enabling two-factor authentication whenever possible.
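The URL check described above ("does the URL say what it should say?"), written out as an added example that is not part of the original article. The function name `check_url` and the sample URLs are constructed for illustration, and it goes a little beyond the text by also covering look-alike subdomains and text placed before an `@`.

```python
from urllib.parse import urlsplit

def check_url(url, expected_domain):
    """Return (ok, reasons) for whether `url` belongs to `expected_domain`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()
    reasons = []

    # HTTPS only protects the data in transit; it is necessary, not sufficient.
    if parts.scheme != "https":
        reasons.append("not HTTPS, so data is sent unencrypted")

    # Anything before '@' is a username field, not the site being visited.
    if parts.username is not None:
        reasons.append(f"text before '@' is not the site; real host is {host}")

    # The host must be the expected domain itself or a subdomain of it.
    # The leading dot matters: "notfacebook.com" must not pass as facebook.com.
    if host != expected and not host.endswith("." + expected):
        reasons.append(f"host {host} does not belong to {expected}")

    return (not reasons, reasons)

# Constructed sample URLs (hypothetical; .example is a reserved test domain).
SAMPLES = [
    "https://www.facebook.com/login",                 # genuine host
    "http://www.facebook.com/login",                  # right host, no encryption
    "https://faceboook.example/login",                # misspelled, valid HTTPS
    "https://facebook.com.account-check.example/",    # real name used as a subdomain
    "https://facebook.com@login.example/",            # real name before '@'
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reasons = check_url(url, "facebook.com")
        print("OK     " if ok else "SUSPECT", url, "; ".join(reasons))
```

Every suspect URL except the second one uses HTTPS, which is the article's point: the padlock says nothing about whose server is on the other end.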
