Home ยป SSL Scams and popular misconceptions.

SSL Scams and popular misconceptions.

Have you ever come across a website like this?

Phishing site pretending to be Amazon.

Claiming it’s either Google, Amazon, Facebook, Reddit, Apple, Samsung, Twitter, Verizon, T-Mobile or some other popular website promising free things for answering a sketchy survey, filling out your phone or personal information, Asking you to fill in credit card details, etc, Chances are, you have. These types of websites are all over the internet, some claiming they’re your browser, some others claiming they’re your cellphone company, some others claiming they’re a popular social media site, others claim they’re a popular shopping site, some others claiming they’re a search engine, Anyways, you get it. These are all over the internet and they all pretend to be either this or that promising something really expensive. Last night I was thinking, a lot of people trying to prevent such things have the false idea that by having that lock means it’s secure, here’s what I mean.

It looks different on certain browsers and devices, so yours might be different but almost all pretty much show either a lock or the https:// tag someplace in the website

The problem.

I’ve seen a lot of people trusting websites that are scams because they think that by a website being encrypted by an SSL certificate it’s safe (A website with the lock means it is encrypted by SSL). This is not entirely true, yes it’s encrypted between the user and the server, so a hacker can’t just see what you’re doing over a secure SSL connection but nothing says the server can’t just use that unencrypted information for malicious purposes. Many users with the wrong idea they either assumed or got told by somebody else that these were secure when in reality they are not.

How a phishing alert looks on chrome.

Most modern and popular browsers nowadays have the feature to look for websites a user is visiting and check them against a database which is constantly being updated to know if they’re a scam or not, there are various problems to this approach though, here I listed some:

Problems with the system built-in to browsers to prevent phishing.

The databases they check against rely on real humans to look for phishing sites and report them. It may take some time before a website is reported, this means that victims can be caught before it is seen easily and scammers can simply change the address and bypass any databases. As I said, a lot of older browsers don’t have this ability, the problem is that users of old browsers also happen to be the most vulnerable users. Some people who don’t understand the internet very well are much easier to trick into falling in one of these scams.

What prevents a scam website from getting an SSL certificate, well really nothing, they are really simple to get and require no authorization or verification, in fact, they are also free. In conclusion, I recommend keeping an eye for sketchy-looking websites even if they have an SSL certificate. Only trust these websites if they have an SSL with a name like this.

Different SSL Types (The one above is the more trusted type)

As these cannot be obtained easily and have the need to have a registered company and are much more expensive, which are too risky for scammers as they can track them down and charge them.

Leave a Reply

Your email address will not be published. Required fields are marked *