When you visit a website, do you see a padlock icon on the browser's address bar? That’s one of the first signs that a website is safe to visit. That padlock is a security feature that authenticates websites and ensures that the data that users submit to that site is protected. Another sign that a site is secure is if its URL has an “S” after the “HTTP” prefix. Here’s what you need to know about that “S.”
The “S” in HTTPS stands for “secured.” It was introduced in 1995, so older websites that have been left on their own without regular maintenance usually don’t have it. But even to this day, unsecure websites exist, and fraudsters can easily take advantage of them.
When you visit a site with an HTTP connection, everything you type or click on that website is sent without encryption. This means that anyone who intercepts the data transferred between the website and your computer can view them as is. Cybercriminals know this, and they can exploit this fact to gain access to your Social Security number, credit card information, and other personal data. This puts you at risk of identity theft and other fraudulent activities.
When you visit a website, your computer uses an online directory to translate its alphanumeric name into a numerical address. It then saves that information on your computer so that it doesn’t have to check the online directory every time you visit the same website.
In case your computer gets compromised, it could be manipulated into directing a perfectly safe web address like www.google.com to a malicious website. Most of the time, users are sent to sites that look exactly like the legitimate site but are actually fake copies designed to trick them into divulging their credentials.
To prevent such incidents from happening, the online directories mentioned earlier issue an ecosystem of certificates that turn HTTP into HTTPS, making it impossible for anyone to be redirected to a fraudulent website.
How does this affect our daily browsing habits?
We often visit a multitude of websites in a short period of time without checking each one for padlocks and certificates. Unfortunately, we can’t ignore the importance of HTTPS, so here are a few things to consider the next time you browse the internet:
- If your browser marks a website as “unsafe,” think twice about clicking “Proceed anyway.” Click the prompt only if you are absolutely certain no confidential data will be transmitted.
- Add web browser extensions such as HTTPS Everywhere that create encrypted connections to unencrypted websites. These extensions encrypt your communication with websites and are compatible with Chrome, Firefox, and Edge browsers.
- Always be vigilant. Some sites may have HTTPS, but it doesn’t mean they’re safe. For example, goog1e.com (with the “l” replaced with a one) could have a certificate, but the misspelling clearly indicates that it’s an untrustworthy site. Cybercriminals use similar spellings of authentic websites to fool people into thinking that they’re on a secure site. This is called typosquatting or URL hijacking.
- And perhaps, just follow the easiest step of all: avoid sites that don’t use the HTTPS prefix.
If you want to learn more about safer browsing habits and endpoint security, give our office a call.