HTTPS green lock icon doesn’t mean the site is safe

I have seen a number of internet advisories, mainly from Indian banks and financial organizations, stating that customers should look for the green lock icon next to the website address and make sure that the address starts with https instead of http while visiting their websites. Even though the advice is genuine, it doesn’t tell the whole story. Users must be aware that the presence of the green lock icon and https only implies that the connection between their browser and the website they are visiting is secure; it doesn’t verify the identity of the website they are visiting. Any phishing website can have that comforting green lock icon and https.

A website showing green lock symbol and https protocol. Image © Damonte Law

For example, ABC Bank may have a genuine website https://www.abcbank.com and it will display a green lock icon in the browser, but so does the website https://www.abcdbank.com. Note that there is a single-letter change in the website name, which is hard to notice. A phishing website with exactly the same content as https://www.abcbank.com can be set up at https://www.abcdbank.com and both will display the same green lock icon.

The best way to avoid such phishing scams is to carefully type in the address of the website you want to visit. Once visited, you can bookmark the page so that you can return to the website easily. Another important factor is to look for extended validation (EV) certificates, which display the company name along with the green lock icon. Most financial websites use EV certificates, which give assurance that someone actually verified the business and its website.

Extended Validation (EV) certificates will show the name of the company owning the website. Click on it to get more details about the company and make sure you are dealing with the correct organization. Image © bnamed.net

When you look for the green lock icon next time, please keep this in mind.
