Spam and data breaches are common on the Internet. If you pay no attention to your security and privacy online, you may become a victim of the next data breach or spam campaign. So, you want to know whether the website you visit is safe or not. It is a good idea to check, especially before you share sensitive data such as credit card details on a website.
There are many signs and ways that can help you check if a website is safe. In most cases, users check for HTTPS to determine whether a website is safe to browse. First, let’s learn more about HTTPS and HTTP.
HTTPS vs. HTTP
First of all, no matter what kind of website it is, it must use HTTPS. HTTPS protects you from man-in-the-middle attacks such as phishing and spoofing by encrypting your traffic.
When you visit a site that uses HTTPS, the browser displays a green padlock in the address bar. Some websites even show the company name next to the URL. These websites are considered safer than websites with only a green padlock because they use Extended Validation SSL encryption. This new type of SSL encryption secures the communication between the website and the Internet user who requests it.
In addition to HTTPS, you might also see websites that use HTTP. What’s the difference between HTTPS and HTTP?
HTTP, Hypertext Transfer Protocol, is one of the protocols used to transmit traffic when you browse a website. It is a standard for how the client sends requests and the server responds. When you visit a website via a browser, an HTTP request is sent to a specific port on the server. Then, the server responds to your request.
Compared to HTTP, HTTPS adds an SSL layer. SSL is a secure protocol that provides security and ensures data integrity for network communications. It protects data from being intercepted or eavesdropped on during transmission by encrypting the Internet connection. A server that uses HTTPS must apply to a CA (certificate authority) for a certificate that certifies the purpose of the server. The client trusts the host only if the certificate is used on the corresponding server.
In other words, a website that uses HTTP does not encrypt data in transit. All data is transferred in plaintext. In contrast, websites that use HTTPS encrypt transmission. Thus, HTTPS websites are safer than HTTP websites. In addition, a website that uses HTTPS needs to apply for a CA certificate, which is not free in most cases. Internet users can make a simple first judgment of a website’s safety by checking whether it uses the HTTPS protocol.
But you should know that not all pages on the same website are encrypted via HTTPS. You should check for HTTPS each time you open a new page, especially when you are going to enter confidential information, such as bank details. Always check whether there is an “S” after HTTP. This will reduce the risk of becoming a victim of a data breach.
Does HTTPS mean that a website is safe?
When browsing a website, most people just take a look at the URL and the green padlock next to it to see if it is a phishing site. However, a green padlock doesn’t mean that a website won’t use your data for malicious purposes. HTTPS only prevents the information loaded on this website or submitted to the server from being intercepted, stolen or modified by a third party. Phishing websites can also use HTTPS.
Xudong Zheng, a researcher, pointed out that it’s hard to spot phishing sites by just taking a look at the URL. The URL may look like that of the site you know, but it’s another site.
Therefore, we recommend that you manually enter the URL when you want to visit essential websites. DO NOT click on the hyperlink directly because it may bring you to a fake website that looks exactly the same as the one you are familiar with. Before clicking on a hyperlink, you can also hover your mouse over it to show the URL in the bottom-left corner of the browser, for example in Google and Firefox.
The most important thing to bear in mind is that an HTTPS website is not always safe to browse!!!
Why does the fake website look the same as the right one? Xudong Zheng offered an explanation. Some countries or regions, such as Russia and Bulgaria, use “local languages” in their domain names. Many browsers use Punycode to translate these “local languages” into characters that are readable by DNS servers. Some letters in these languages look the same as Latin letters, so although you can’t see the difference in the URLs, the computer thinks they are different.
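The difference between what you see and what the computer sees can be checked directly. The following is an added example, not code from this article or from Xudong Zheng: it converts a hostname between its displayed form and the Punycode ("xn--") form that DNS resolves, and flags labels that mix alphabets or contain non-ASCII letters. The function names are hypothetical and the sample hostnames are constructed.

```python
import unicodedata

def label_scripts(label):
    """Scripts used by a label, taken from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def to_unicode(label):
    """Decode an 'xn--' (Punycode) label to the text a browser may display."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def to_ascii(label):
    """Encode a non-ASCII label to the 'xn--' form that DNS actually resolves."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def inspect_hostname(host):
    """Compare the displayed and DNS forms of a hostname and list lookalike warnings."""
    shown = [to_unicode(label) for label in host.lower().split(".")]
    findings = []
    for label in shown:
        scripts = sorted(label_scripts(label))
        if len(scripts) > 1:
            # Letters from two alphabets in one label: a common lookalike pattern.
            findings.append(f"{label!r} mixes scripts: {scripts}")
        elif not label.isascii():
            # A whole label in another alphabet can still imitate a Latin name.
            findings.append(f"{label!r} is non-ASCII {scripts}; compare with the DNS form")
    return {
        "displayed": ".".join(shown),
        "dns": ".".join(to_ascii(label) for label in shown),
        "findings": findings,
    }

if __name__ == "__main__":
    # Constructed samples: the second uses Cyrillic U+0430 in place of Latin "a".
    for host in ["example.com", "ex\u0430mple.com"]:
        print(inspect_hostname(host))
```

The two sample hostnames look alike on screen, but only the second produces an "xn--" DNS name and a mixed-script finding.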
We can draw the conclusion that HTTPS doesn’t guarantee the safety of a website. Apart from common methods of checking the security of a website, Google Safe Browsing can also help you detect phishing sites. This service is provided by Google to warn users of malicious websites. You can turn it on to avoid visiting websites that Google knows to be malicious.