Cyber Defense Magazine – August 2019


The once-coveted “green lock” that was mainly used for financial transactions is now available for free to
anyone, including malicious actors. In fact, it has been reported that 58% of all phishing-related websites
are now hosted using HTTPS. For this reason, no one should assume a website is “safe” just
because it’s being hosted using HTTPS. It’s still very important to visually identify the lock icon when
transacting with any website, but understand that it doesn’t necessarily indicate that a site is legitimate.
Attackers mimic a target website by simply copying the code from a legitimate site and pasting it to their
malicious site, making it nearly impossible to differentiate the good from the bad.


Therefore, you should never click on links in suspicious emails. Instead, get into the habit of visiting
sites of interest through known-good bookmarks stored in a password manager or through reputable
search engines, rather than clicking on links provided within emails. Additionally, always verify the domain
address within the URL bar and identify the secure lock icon before providing any form of personally
identifiable information or login credentials. For those who want extra validation, websites like VirusTotal
can be leveraged to scan and verify if the URL is considered “safe”.
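The domain check described above can be sketched in code. This is an added example, not part of the original article: it treats HTTPS as required but never sufficient and compares a link's host against known-good bookmarks. The names `KNOWN_GOOD` and `check_link` and all domains are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for a user's known-good bookmarks (registered domains).
KNOWN_GOOD = {"example-bank.com", "example-mail.org"}

def check_link(url, known_good=KNOWN_GOOD):
    """Return (verdict, reason). HTTPS is required but never sufficient."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("reject", "malformed URL")
    if not host:
        return ("reject", "no hostname")
    if parts.scheme != "https":
        return ("reject", "not HTTPS: no lock icon would be shown")
    if "@" in parts.netloc:
        return ("reject", "text before '@' disguises the real host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("reject", "internationalized hostname, possible homoglyph")
    # Exact bookmark match, or a subdomain of a bookmarked domain.
    for good in known_good:
        if host == good or host.endswith("." + good):
            return ("match", "host belongs to bookmarked domain " + good)
    # A bookmarked name appearing anywhere else in the host is a lookalike.
    for good in known_good:
        if good in host:
            return ("reject", "lookalike: " + good + " embedded in " + host)
    return ("unknown", "valid HTTPS URL, but domain is not bookmarked")

if __name__ == "__main__":
    # Constructed sample links of the kind found in email bodies.
    for link in ("https://example-bank.com/login",
                 "https://example-bank.com.secure-login.test/",
                 "http://example-bank.com/login"):
        print(link, "->", check_link(link))
```

A "match" verdict only means the host is one of the bookmarked domains; an "unknown" verdict is where a reputation lookup such as VirusTotal would come in.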


About the Author


Eric H. Perkins is currently the Sr. Security Risk Analyst for the
largest independent investment advisory firm in the nation. Before
joining Edelman Financial Engines, Eric began his career in network
security while serving as an active duty Information Security Officer
in the US Army, both in country and while deployed to Afghanistan.
Eric holds numerous IT certifications, including CISSP, and is a
relentless advocate for security awareness. Eric can be reached at
[email protected] or online at
https://www.linkedin.com/in/erichperkins/.