THE “S” STANDS FOR SECURE, OR DOES IT?
We all have favorite movies that we never get tired of watching. Recently coming off Christmas in July, I was reminded that no holiday season is complete (at least in our house) without a family viewing of “Elf”. In one memorable scene, the main character, Buddy, strolls past a New York coffee shop, where to his amazement, he notices a neon lit “WORLD’S BEST CUP OF COFFEE” sign. With great naivety, a joyous Buddy pops in the diner and yells, “You did it! Congratulations! World’s best cup of coffee! Great job, everybody!”
To a lesser degree (I hope!), I believe we have common ground with Buddy in wanting to assume that labels/packaging/signage are always “true”. If you don’t believe me, pay closer attention the next time you’re tossing food into your grocery cart as you’re meandering down the aisles. You’re likely to purchase items with highly visible labels claiming: ‘High Protein’, ‘Cage-Free’, ‘Grass-Fed’, ‘Low Sugar’ or ‘All Natural’. We’ve been well taught that these phrases represent food that’s healthier. However, like the ‘World’s Best Cup of Coffee’ display, are we 100% sure of the authenticity of these statements?
The idea of further questioning a food label or a claim on a neon sign, is also now true for visiting perceived ‘healthier’ websites. I’m referencing Hypertext Transfer Protocol Secure (HTTPS) webpages. Over the course of many years, I’ve repeatedly drilled it into the minds of computer users to always look for the padlock icon immediately to the left of the website address. The padlock icon represented security: meaning the visited website has been issued a certificate meant to imply that the site was secure from attacker hacks and cyber eavesdropping. Is that still the case?
Since 2018, the use of HTTPS websites has far surpassed the use of HTTP (non-secure). For most businesses HTTPS pages are a requirement. After all, failure to own a secure site will result in Google Chrome boldly tagging your site as “Not Secure”. We can agree that it stands to reason that the more secure websites out there, the better.
However, the issue with HTTPS sites recently is that cybercriminals are quick to evolve their deceitful practices. Instead of luring victims via phishing scams to clearly marked unsafe HTTP sites, we’re seeing a movement where newer malicious schemes are pointing to secure sites. The website line differentiating between good and evil has become increasingly blurred.
I recommend the following suggestions to prevent falling victim to these new HTTPS scams.
1. Never login into or enter any personal information: credit card numbers, social security number, banking information, passwords into non-HTTPS sites.
2. Do not solely trust a website based on its HTTPS and padlock icon presence itself.
3. If the site does contain HTTPS, check out the desired domain name for spelling accuracy. There have been thousands of fraudulent certificates issued referencing the word “PayPal”. Most bogus sites are created with only one different character.
4. Don’t click on links embedded within email and social media sites. The websites shown are likely forged and not the actual website you’ll be directed to.
5. For regularly frequented websites, it’s a good idea to bookmark them so that you know exactly the site you’ll be viewing, opposed to searching the location of those sites with each visit.
6. Install strong security software. As always, I recommend downloading and installing Thirtyseven4 Antivirus.
We can learn a lot from the mistakes and trustworthiness of our friend Buddy. He read the sign (claim), and believed it completely (World’s best cup of coffee!”). We cannot accept the validity of a site, based solely on the HTTPS and padlock icon anymore. Looks (HTTPS) can be deceiving, and cybercriminals work very hard to make things “look” typical.
Buddy also “shared” his site. He brought his friend Jovie back there to try the self-proclaimed “best coffee”. Before sharing sites or pages, be very sure they are legitimate and safe.
And lastly, upon tasting the “World’s best cup of coffee”, it was so unpalatable that Jovie grimaced and said it tasted like a bad cup of coffee. Unsecure and malicious sites will do more than just leave a bad taste in your mouth—they can poison your bank accounts, contacts and machine itself, among other things. Be sure that you can verify the website before putting your trust (in the form of a click) into it.
Cyber dangers are real. Let us learn from the mistakes of Buddy and remember that instead of “S” standing for Secure, let us also think of “S” standing for “Smart”. Being Smart and in-tune to the impeding traps and dangers lurking around every corner.
Thirtyseven4, LLC is dedicated to serving customers with a full palette of security solutions including AntiVirus, AntiMalware, Anti-Ransomware and Zero-Day Threat Protection.