It sounds like the perfect shopping scenario: You surf online, check out some sites, and then find the perfect Christmas present for your family. You want to stay secure of course, so you make sure that the page you want to buy the present from has the little green padlock in front of the URL. After all, that means that it’s safe, right?
Wrong. The green lock is of course not useless – but it does by no means indicate, that the site you’re on is legitimate. It could just as well belong to cybercriminals that are out for your money and your data.
What the green lock tells you
You might be wondering what the padlock next to your URL is good for if it does not protect you from scam sites. It’s rather easy: it shows that the page is using SSL, the Secure Sockets Layer. Internet addresses that use SSL normally begin with https:// instead of http://. It also means that the data being transferred between that page and your home computer is encrypted and cannot be read by third parties. That’s especially important if you enter things like your credit card information and other payment data.
What the green lock does not do
You might already see the issue: What, if the page that uses SSL is already a malicious one? Scammers are not stupid. They use whatever means possible to make sure that unsuspecting visitors fall prey to their scheme and give them the desired data. The little green lock in front of the URL is just another tool for them to lure victims in.
50% of all Phishing sites have the lock
According to KrebsonSecurity.com and PhishLabs 49% of all phishing sites used the little green lock next to the URL. That’s an issue, since apparently also 80% of users seem to believe that the green lock indicates a website is either legitimate and/or safe.
It took KrebsonSecurity.com only a couple minutes of browsing on phishtank.com to find sites using SSL that were nothing other than phishing pages. Bibox.com’s fake little copycat page, is one of the unearthed examples.
Use your head
In the end that means only one thing: you need to be always careful when shopping online. Do not trust blindly in the little green lock – it will tell you if a website uses SSL but not if it is a scamming website. Check the URL’s to make sure you are really on the site you were looking for and only shop on trusted websites.
Take a look at our best practices and further tips when it comes to online shopping.