Home > Awareness > Identify unsecure websites

Identify unsecure websites

  • Websites that are not secure
  • They do not offer Secure Sockets Layer (SSL), a protocol developed for transmitting private documents via the Internet. (A secure website address will begin with https instead of http.)
  • You do not see a closed lock symbol in your browser. (A closed lock indicates a secure site, while an open or absent lock indicates an unsecured site.) Any website where you are expected to exchange personal information (a banking site or an online store) should be secure.
  • Websites that do not offer signed certificates. Security Certificates contain information about who it belongs to, who it was issued by, a unique serial number or other unique identification, valid dates and an encrypted "fingerprint" that can be used to verify the content of the certificate. If your browser warns you that the certificate can't be verified, be wary of the site.
  • Websites that request information where the request is out of context with the action to be performed. For example, why do you need to supply your ID number or street address to read a document?
  • Email messages supposedly sent to you by a bank, email provider or online store that ask you to provide personal information or click on a link in the email body.
  • Email messages that seem to be IT-related, asking you to verify your account details or warning you of some dire consequence should you fail to comply, often contain a link that you have to click on to either log on or to provide sensitive information. For example, an email from "System admin" may claim that there has been a breach of security on your account and that the company needs you to submit personal information.
  • Public computers at Internet cafes or other public spaces, where software may have been illegally installed to capture computer keystrokes.
  • Pop-ups requesting personal information that appear once you gain access to a website that you trust.
  • Pharming attempts – where a hacker redirects a legitimate website's traffic to a bogus site. Malware or a virus then takes over your web browser and when you try to access a legitimate website you'll be directed to a fake one. Once you provide your personal information on the site, hackers can access this information and fraudulently use it.
  • Email attachments that you are not expecting.
  • Telephone calls where the caller asks you to provide or verify personal information.
  • Any emails claiming that there has been a breach of security on your account and they company needs you to submit personal information.