Encrypted But Not Legit?

green background with the letters https:// written on it.

Those nasty scammers. They will do just about anything to try to steal your money. One of the things they’ve started to do is purchase security certificates for their bogus websites. They realize that most computer users have come to understand that the “s” in https:// stands for “secure.” A website is secure when everything transmitted from the site to your computer and vice versa is encrypted. The idea is that no one can intercept what you’re doing because that person can’t decrypt it. Because of the encryption, you can enter credit card info, billing address, etc. and know that it can’t be stolen.

Or can it?

This is where scammers can “get you!” If they can lure you to their website, you’ll see the “https://” and the locked padlock and you’ll relax because you know everything is secure. Unfortunately, what this really means is you have securely given them your personal information!

Here’s the point: there can be a difference between a “secure” site and a legitimate site. Scammers will use any method possible: emails, surveys and fake results in Internet search engines to get you to their counterfeit secured site. You need to stay a step ahead of them by making sure the “https://” site you are on is authentic – not always an easy task, by the way. Scammers are excellent at creating sites that seem real. With that in mind, how can you be sure? There’s no easy answer to that question but you should always err on the side of caution. Are there obvious spelling and/or grammatical mistakes? If it’s an email, does the “from” address match the company or person it’s supposed to be coming from? If someone sent you a link, can you trust them? Does it promise you something that seems “too good to be true”? Is there anything about the email, survey or site that makes you feel uncomfortable? Does the site use any of the three social engineering tricks which we’ve talked about before? (The Weakest Link In The Chain – click and scroll near the bottom.)

You should be especially alert with emails which appear to come from financial companies. It’s a good practice to never click on a link in an email from a financial institution but, rather, go to the site like you normally do and log in.

Remember, “https://” means “secure” not “legitimate.”