Don’t rely solely on HTTPS, warns FBI

The FBI has warned Internet surfers not to implicitly trust websites just because their addresses begin with the HTTPS prefix, since this in itself is not a sure sign that a website is legitimate.

Providing cyber security advice can often be a tricky business.

We can spend a great deal of time emphasizing the importance of features such as HTTPS in the cyber security world, and why it is important to look out for this prefix when entering information into a website.

However, as the FBI have warned this week, the consequence of this is that Internet surfers may assume that HTTPS is – by itself – an automatic indicator that the website they’re on is safe and legitimate.

That is sadly not the case.

Yes, HTTPS is a good thing. If a website address begins with this (instead of just HTTP) then the information entered into that website is encrypted in transit, and can only be decrypted by the website it is sent to. So, no eavesdropping. The S in HTTPS stands for secure, after all. That’s all good. And yes, if you’re entering information into a website, please make sure that S is there.






However… But… Yet… HTTPS isn’t the be-all-end-all, sure-fire indicator that a website is the real deal. Especially when it is the only indicator used by a website visitor to determine if something is a scam.

To get that coveted S to appear in a website’s prefix, the website owner needs a TLS security certificate. The problem is that these are not hard to obtain. And crooks are exploiting our trust in HTTPS by acquiring TLS security certificates in order to make their scam websites appear legitimate. The visitor then sees the S, remembers that article they read a while ago about how the S is a good thing, and ergo falsely assumes the website they are on is safe.

Oh dear.

So, as we state above, the S means the information you enter into a website is encrypted as it’s sent across cyberspace. But it doesn’t mean the website you’re on is legitimate. You can still be on an imposter website that just so happens to be safely encrypting your data, but still sending it to a cyber-crook.






Like we said, cyber security can be a tricky business. It is important not to place too much trust in a single indicator when determining if something is a scam. For example, if a web domain is over two years old, this is generally considered a good thing since most scam websites operate for a shorter period of time. But this in itself isn’t a sure-fire indicator that the website is legitimate.

Or, for example, if a website accepts Visa payments, this is a good sign. But again, not a sure-fire indicator that a website is safe.

Remember, if you’re on a website and you’re not sure you can trust it, look for a combination of different things. Yes, there might be an S in the prefix, but is the domain spelled correctly? Does the URL say what it should say? For example, if you’re on a Facebook login page, does the URL say Facebook.com or is it something different?
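For readers who want to see that "combination of things" as code, here is an added example (ours for illustration, not from the FBI advisory) that treats HTTPS as one signal and the hostname as a separate one. The allowlist, the finding names, the distance threshold of 2 and the sample URLs are all assumptions made up for this sketch.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of domains the user really means to visit (illustrative).
EXPECTED = {"facebook.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(url: str, expected=EXPECTED):
    """Return (verdict, findings). HTTPS is one signal; the hostname is another."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    findings = []
    if parts.scheme != "https":
        findings.append("no-https")
    if any(host == d or host.endswith("." + d) for d in expected):
        return "expected-domain", findings
    # Naive "registered domain" = last two labels (assumption: production code
    # should consult the Public Suffix List instead).
    site_label = labels[-2] if len(labels) >= 2 else host
    for d in sorted(expected):
        brand = d.split(".")[0]
        if edit_distance(site_label, brand) <= 2:
            findings.append(f"lookalike-of:{d}")      # misspelled or wrong suffix
        elif brand in labels[:-2]:
            findings.append(f"brand-in-subdomain:{d}")  # brand is only a subdomain
    return "unknown-domain", findings

if __name__ == "__main__":
    # Constructed sample URLs; .example is a reserved TLD.
    for u in ("https://www.facebook.com/login",
              "http://facebook.com/login",
              "https://faceb00k.example/login",
              "https://facebook.com.account-check.example/login",
              "https://news.example/"):
        print(u, "->", assess(u))
```

Note that the two constructed lookalike URLs both use HTTPS and are still flagged, while the genuine domain over plain HTTP is flagged for a different reason: neither check replaces the other.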

Also, use good security habits such as a good password manager (which may recognise spoof or scam websites) or enabling two-factor authentication whenever possible.
