Industry Updates

Browser Security Symbols Don’t Mean Websites Are Legitimate

Most people use Google Chrome. In fact, according to the latest statistics, Chrome has more than half the browser market share, with the other browsers dividing the smaller remaining portion between them. That’s relevant because Google recently made important changes to its browser that provide visual cues when a website you’re visiting doesn’t have an SSL certificate.

The visual cue for a site that does have a certificate, a little green message that says “secure,” is important, because it tells you that if you enter information anywhere on that page (personally identifiable information, passwords, credit card info, etc.) you can do so with confidence. You’ll know that it’s exceedingly unlikely that anyone is eavesdropping on the connection and making off with the information you’re entering.

It’s important to note, however, that “secure” or “safe” and “legitimate” aren’t the same thing.

Increasingly, hackers are investing in SSL certificates so that Google will identify their websites as “secure” too. It gives people who visit their malicious sites a false sense of security and makes it more likely that they’ll enter information on the hackers’ system, handing over the very information they’re trying to keep from them. Even worse, most people don’t pay any attention at all to the string of text that appears in the URL box near the top of the browser.

As the web has become increasingly visually oriented, most people simply go by the way the page looks. So for example, if you see what appears to be a PayPal login screen, you’re likely to enter your PayPal username and password without even thinking about it. After all, Google’s telling you it’s secure, and it looks like the PayPal login screen you’re used to seeing, but it might not be.

Hackers have long been in the habit of buying an official-sounding domain, then creating sub-domains from it that closely mimic legit sites. The only way to know for sure which site you’re on is to pay close attention to the URL you’re actually visiting.
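To make the point about look-alike sub-domains concrete, here is an added example (not part of the original article) that reads a hostname from its right-hand end, which is the part that decides who controls the site. The expected domain and the sample links are constructed for illustration; `.example` is a reserved test suffix.

```javascript
// Constructed sample: the domain the user actually intends to visit.
const EXPECTED_DOMAIN = "paypal.com";

// Classify a link by who controls its hostname, not by how it looks.
function checkLink(rawUrl, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser: lower-cases the hostname
  } catch (err) {
    return { host: null, verdict: "invalid", https: false };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  const https = url.protocol === "https:";
  // Hostnames are read right to left: the owner is decided by the END of the
  // name, so only an exact match or a "<label>.paypal.com" suffix belongs to it.
  const owned = host === expectedDomain || host.endsWith("." + expectedDomain);
  if (owned) {
    return { host, verdict: https ? "expected-site" : "expected-site-no-tls", https };
  }
  // The brand appearing anywhere else in the name is the sub-domain trick.
  const brand = expectedDomain.split(".")[0];
  const verdict = host.includes(brand) ? "imitation" : "other-site";
  return { host, verdict, https };
}

// Constructed sample links (".example" is a reserved, non-resolving suffix).
const samples = [
  "https://www.paypal.com/signin",
  "https://paypal.com.account-update.example/signin",
  "https://secure.paypal.com.login.example/",
  "http://www.paypal.com/signin",
  "https://news.example/article",
];

for (const link of samples) {
  const r = checkLink(link);
  console.log(`${r.verdict.padEnd(20)} https=${r.https}  ${r.host}`);
}
```

The second and third links are served over HTTPS and would earn the “secure” label, yet they are classified as imitations because their names end in a domain other than the expected one.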

The best way to minimize your chances of visiting a poisoned site is to never click links embedded in emails. Any time you need to visit an official site, type the URL in yourself, or search for it on Google and access it that way. Safety first!