“Secure” Web Sites Aren’t Always Secure

How do you know if a web site is safe? Do you look for the lock icon? Would it surprise you to learn that isn’t enough?

Consumers have long been taught to look for the lock icon or “https” in the address bar to determine whether or not a site is secure. Years ago, when web sites first began using secure certificates (the “s” in “https”), that lock icon became a vital indicator. These days, while it’s still important to look for the lock, it’s also important to know that the lock icon isn’t a guarantee of safety.

For one, there are ways that criminals can obtain fake digital certificates to make sites look safe when they’re not. That means the lock icon will still appear, even though the site may contain nasties like password harvesters or malware. It’s also possible for hackers to inject malware into third-party ads. The site itself could be safe, lock icon and all, but these bad ads can still infect your computer with viruses.

The site operators may not even know that their site is serving malware to visitors. Unpatched web servers, often owned by small businesses, are easily hijacked by hackers. So if you have any doubts about a web site, close it immediately and run a virus scan.

Many web browsers include rudimentary detection of bad web sites, but you can augment that by installing extensions to scan for unsafe code.

This is also a good reason to spring for paid security software. The freebies only provide basic antivirus, while the paid versions offer better protections against viruses as well as malicious web sites. My guides for Windows, Mac, and mobile users will help you select a security solution.

Phishing scams lead to bad web sites, so avoid clicking links in email messages. Instead, type the address into your browser and log in from there. Also watch for “typosquatting,” which is when hackers snatch up web domains for commonly typoed sites (think “microsoft” without the second O, or “goggle” instead of “google”) and create lookalike sites to fool consumers.

Do you have questions about how to avoid unsafe web sites? Share in the comments, and sign up for Tech Tips by email for weekly computer news and advice for Windows, Mac, and mobile users. You can also follow Tech Tips on Facebook.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s