One of the concerns I had heard was about the fear of doing online financial transactions or online banking due to the instances of phishing or hacking. Hackers often cheat by creating a fake site which looks exactly like that of your bank or financial institution and then stealing your login/password. Recently I heard about an instance where a technology company sent its employees a link to a fake site which looked genuine, and they went to that site and entered their internal login credentials. So this cheating is not limited to non-technical users only. It shows the severity of the problem.
In this blog, I will try to explain how to know that the site you have navigated to is a genuine one. In a subsequent blog post, I will cover what precautions you must take when you follow a link sent to you by someone.
Let me try to explain how to detect a secure site or page, so you can have a safer online experience. Also, please note that I will be concentrating more on the browser. Typically, on mobile, you make payments or use the bank through its dedicated app. But even on a mobile, you sometimes navigate to a page in the browser to fill in some information or a form.
All of the below discussion applies only when you want to ensure the website is secure, especially when you are visiting a bank site and logging into it, or your financial partner site, or a page where you will enter your personal information such as address, phone number, date of birth.
When you navigate to a site – I have used Fidelity.com, a large financial organization based in the USA, as an example – you will notice a few highlighted regions (this is from Mozilla Firefox; on other browsers, you will see the same content but the positioning might be different).
- http vs https (item ‘4’ above)
When you open a webpage, you either use a bookmark or type the address in the URL field. The address almost always has a prefix of ‘http’ or ‘https’. There’s a big reason why that additional ‘s’ is important. http (hypertext transfer protocol) is the protocol used for transferring data between the browser and the actual website (both ways – to the browser and from the browser). ‘http’ does not encrypt the data, whereas ‘https’ encrypts the data during the transfer, and that’s where the additional security comes in.
So if a website’s URL starts with just http://, the data transmitted is not encrypted, so anyone (possibly a hacker) can intercept it and find out what is being sent. But if the website is using the https protocol, the data is encrypted, so intercepted data cannot be seen or misused.
So if you are simply browsing a generic website and only reading it, you could continue browsing even though the URL has an ‘http://’ prefix. But if you are going to fill in some confidential data, or for that matter send any information to the website, you should quickly take a look at the browser’s URL bar for that page and ensure it has an https:// prefix. This way, you will be sure that the data you fill in and submit is encrypted before it gets to the destination.
- Lock Icon (item ‘2’ above)
The second important piece of information you should look at is whether the lock icon is present and what color it is. A green lock means the site is encrypted and secure. Use the information below to decide what you should do by observing whether there is a lock icon on the URL bar and, if there is, which color it is.
No lock – The site is not secure. If you are only reading the page, it’s fine. But do NOT send any confidential or personal data.
Green lock – The site is secure and is the same as the URL address shown. The contents are also encrypted, so nobody can intercept them.
Gray with Yellow warning icon or red cross-out – Site data might not be completely encrypted. So I would strongly recommend that you do not send any confidential information using this site.
There will always be an ‘I’ icon (item ‘1’) next to the lock, which when clicked on will tell you who the site certificate belongs to. Ideally this will be the site you are browsing to.
The 2 confirmation signs above (https prefix, and the green lock icon) should be enough for you to have confidence that the site is secure and can be trusted.
So next time a site asks you to enter some confidential data (username/password, or other personal data), look at the browser’s URL bar, and ensure that there is a Green Lock icon and https:// before proceeding.
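The address-bar part of these checks can also be written out as a small script. This is an added example, not part of the original post: the expected host name and the sample addresses are assumptions made for illustration, and the script only inspects the text of the address, so it does not replace looking at the lock icon and the certificate owner.

```javascript
// Added example, not from the original post. EXPECTED_HOST and the
// sample addresses below are constructed for illustration.
const EXPECTED_HOST = "www.fidelity.com";

// Decide whether an address passes the address-bar checks:
// an https:// prefix and the host name you meant to visit.
function checkBeforeSubmit(address, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(address); // standard URL parser, as used by browsers
  } catch {
    return { ok: false, reason: "not a complete web address" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "no https, data would travel unencrypted" };
  }
  // Anything before an '@' is login info for the site, not its name.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "address carries embedded login info" };
  }
  // The parser lower-cases the host, so compare against a lower-cased name.
  if (url.hostname !== expectedHost.toLowerCase()) {
    return { ok: false, reason: `host is ${url.hostname}, not ${expectedHost}` };
  }
  return { ok: true, reason: "https and the expected host" };
}

// Constructed sample addresses (example.net is a reserved test domain).
const samples = [
  "https://www.fidelity.com/login",
  "HTTPS://WWW.FIDELITY.COM/login",
  "http://www.fidelity.com/login",
  "https://www.fidelity.com.example.net/login",
  "https://www.fidelity.com@example.net/login",
  "www.fidelity.com/login",
];

for (const address of samples) {
  const { ok, reason } = checkBeforeSubmit(address);
  console.log(`${ok ? "OK   " : "STOP "} ${address} -> ${reason}`);
}
```

Only the first two sample addresses pass; each of the others is stopped for a different reason, which the script prints next to the address.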