“Secure” Web Sites Aren’t Always Secure

How do you know if a web site is safe? Do you look for the lock icon? Would it surprise you to learn that isn’t enough?

Consumers have long been taught to look for the lock icon or “https” in the address bar to determine whether or not a site is secure. Years ago, when web sites first began using secure certificates (the “s” in “https”), that lock icon became a vital indicator. These days, while it’s still important to look for the lock, it’s also important to know that the lock icon isn’t a guarantee of safety.

For one, there are ways that criminals can obtain fake digital certificates to make sites look safe when they’re not. That means the lock icon will still appear, even though the site may contain nasties like password harvesters or malware. It’s also possible for hackers to inject malware into third-party ads. The site itself could be safe, lock icon and all, but these bad ads can still infect your computer with viruses.

The site operators may not even know that their site is serving malware to visitors. Unpatched web servers, often owned by small businesses, are easily hijacked by hackers. So if you have any doubts about a web site, close it immediately and run a virus scan.

Many web browsers include rudimentary detection of bad web sites, but you can augment that by installing extensions to scan for unsafe code.

• Tech Tips: How to Customize Your Web Browser With Extensions

This is also a good reason to spring for paid security software. The freebies only provide basic antivirus, while the paid versions offer better protections against viruses as well as malicious web sites. My guides for Windows, Mac, and mobile users will help you select a security solution.

• Tech Tips: Security Basics For Windows Users
• Tech Tips: Security Basics For Mac Users
• Tech Tips: A Home User’s Guide to Mobile Device Internet Security

Phishing scams lead to bad web sites, so avoid clicking links in email messages. Instead, type the address into your browser and log in from there. Also watch for “typosquatting,” which is when hackers snatch up web domains for commonly typoed sites (think “microsoft” without the second O, or “goggle” instead of “google”) and create lookalike sites to fool consumers.

Subscribe to Simple Tech Tips by email for free weekly computer news plus links to my latest feature articles and blog posts. Or, become a paid member and receive all of my free content plus weekly step-by-step guides and exclusive tips!