Seeing a Padlock in the Browser Doesn’t Always Mean You Are Safe

Sep 30, 2021 | Uncategorized

A Padlock is good, right?

Have you noticed that when you go to some sites on the web, there’s a padlock icon in the site address field?You may have heard that as long as you see a padlock in the address bar, the site is safe. But that is not always true. Here are some things to know about site security.

What does that padlock mean?

Technically, the padlock indicates is that there is an HTTPS connection using a certificate for validation provided by the hosting company.According to Lifewire, “HTTP and HTTPS are both responsible for providing a channel where data can be transmitted between your device and a web server so that normal web browsing functions can take place.”The ‘S’ in HTTPS stands for Secure. It means the data between your browser and the site server is basically wrapped in an encrypted, secure tunnel. So, in the event a 3rd party or internet thief intercepts it they’ll have a much tougher time deciphering the data.Here’s the catch…

Approximately 35-50% of all phishing sites use HTTPS

In 2018 it was reported that approximately 35-50% of all phishing sites use HTTPS so you will see the padlock icon in the address bar.These sites can obtain a security certificate from an online certificate authority, like a hosting company. Many hosting companies are now offering these certificates for free, and some do not review the request very carefully. So, unfortunately, fraudulent sites manage to get approved rather easily.

How do we get hooked?

We get caught in a phishing net when the ill-intentioned forces behind a malicious website acquire one of these certificates for free and rely on us trusting the site is safe because it has the padlock icon.They whip up a website that looks just like the real thing and buy a web address that looks legitimate at a glance. We arrive on the site, enter in our information, and they happily steal it.Here’s an example:https:www.Mircosoft.comIt looks legit.But look more closely. Microsoft is misspelled. Fortunately, Microsoft has been vigilant, bought the incorrectly spelled domain, and set it to reroute traffic to their legitimate site. That prevents you from being a victim of a phishing scam. Unfortunately, you can’t rely on all companies doing the same thing to keep you safe.

How can you stay safe while surfing the web?

There are a few things you can do to ensure you’re going to a safe site.BE VIGILANT

  • Look closely at the URL to ensure you are on a company’s legitimate site before you input any personal or financial information.
  • Don’t click a link in an email asking you to log in to your account, verify or check information, change your password, etc.


  • Instead of clicking a link in an email, open your web browser, and type in the website address.

Think you’ve spotted a fake?

Your web and technology security is our specialty.We will be happy to investigate any site that you think might be unsafe and give you our expert opinion on it. If it’s a fake, we’ll report it so it can be shut down.If you land on a website that looks suspicious, contact us at (844) 448-7767 or send us a message. Links: