Beware! The padlock icon and HTTPS are no more indicators of safe website

The evolving cyber threat landscape has taken a new leap. The recent past shows a startling rise in the number of incidences of phishing attacks, where visitors have been lured into clicking fraudulent links, under the cover of security marks like padlock icon and ‘HTTPS’.

Considering the rising number of fraudulent websites pretending to be secure official websites owing to the green padlock icon and HTTPS, it is no longer safe to blindly trust websites containing these marks of security since, there is no way to confirm whether the website in question has been hardened against intrusions.

Yes, you heard it right!

As per findings by Quick Heal security labs, hackers have just got smarter and are using people’s trust on website certificates as just another means of rolling out phishing campaigns.

Till date, the padlock icon and HTTPS in web link, were considered as safety indications that the link is secure to be browsed and visitors can safely share their data. The HTTPS protocol especially meant that the website is secure against hackers and spying agents but nowhere did it ensure that the website is benign.

However, off recently, cyber criminals are breaching people’s trust on the padlock icon and HTTPS. As per reports, more than 15,000 TLS certificates have been unveiled containing the word ‘PayPal’ that hackers are using to carry out malicious attacks, while playing with the trust of people. The fact that new domains and sub-domains are springing up every now and then, has made it all the more difficult for people to differentiate a legitimate site from a fraud one.

While there are no 100% effective solutions available to empower and protect internet users against such phishing scams, here are few quick tips to protect yourself from becoming an unsuspicious victim:

• Treat every email you receive with a suspicious eye. Avoid accessing websites by clicking directly on links received via email messages/SMS; especially those asking for personal information.
• As a practice, it is recommended to have shortcuts for your frequently used websites or have them saved as favourites in the browser.
• Get out of the habit of trusting a website blindly just because it has a padlock icon or ‘HTTPS’ in its address.
• Keep your eyes open for wrong or misspelled domain names. These could be the very first and genuine indicators that the website is a spam.
• It’s always good to pay attention to the links, especially when you are accessing banking websites or those websites where you have to enter your credentials or personal data. You can look for below details to confirm the site’s security:
• Is there a green padlock in the address bar?
• Does the link match with the website you intended to visit or expected?
• Is the EV certificate for the website available or not?

Once you are absolutely confident and satisfied that the website belongs to the domain of the company that you intended to visit, only then enter your credentials or personal data.

In short, do your research before you trust any website as precaution is always better than cure!