Google Chrome warning over ‘green padlock’ scam that could steal ALL your info
Narkeasha|Aug. 08, 2019
INTERNET users are being warned over scam sites that use a "green padlock" to lure you into a false sense of security.
Brits are often advised to "look for the padlock" to see if a site is safe – but this advice has been deemed "useless" by experts.
In many web browsers – like Google Chrome, Firefox and Safari – you'll see a padlock next to certain websites, near the URL bar. You'll also see the URL begin with "https://" rather than "http://".
It's often seen as a sign of legitimacy, and many users believe it means the website is safe.
But security firm PhishLabs suggests that nearly half of all phishing websites now have a "padlock" in web browsers.
Now security expert Brian Krebs says looking for the padlock on websites is "useless advice".
That's because the browser padlock doesn't actually mean a website is safe.
Instead, it means that the data being transferred between you and the site is encrypted.
This stops it being read by third-parties – but doesn't mean the site you're using is legitimate in any way.
"The presence of the padlock does not mean the site is legitimate, nor is it any proof the site has been security-hardened against intrusion from hackers," said Krebs.
What is phishing? Here's what you need to know... Phishing is a type of online fraud It's typically an attempt to nab some of your data Phishing generally involves scammers posing as a trustworthy entity For instance, fraudsters could send you an email claiming to be your bank, asking for details Scammers can also set up fake websites that look like real ones, simply to hoodwink you Phishing can take place over email, social media, texts, phone calls and more The best defence against phishing is to be generally sceptical of weblinks and emails, especially if they were unsolicited
The padlock is still important, especially if you're using websites where you're transferring sensitive information.
For instance, an online shop without a padlock is dangerous to use, because hackers could snoop on your credit card info or personal details.
But it doesn't tell you whether the website itself has been set up by fraudsters.
Scammers are using this to set up fake websites with padlocks, hoping that users will believe the page is authentic.
You can browse flagged phishing pages at PhishTank – many of which have "https://" URLs, despite being scam sites.
How to avoid this scam Corin Imai, senior security advisor at DomainTools, said: The best practice for users hoping to keep themselves safe from phishing scams remains: Using extreme caution when opening unsolicited emails Cross-referencing known website URLs with the email URL in question Generally thinking before clicking.
How does Google Chrome’s Incognito Mode Work?
"Brian Krebs' discovery should come as no surprise to anyone in the security space," said Corin Imai, senior security advisor at DomainTools.
"Nothing on the internet is as it seems, and the presence of the padlock – which users often associated with online safety – is, in fact, just proof of encryption, protecting data from third parties, but not from malicious activity.
"This has the potential to lure users into a false sense of security, with dangerous consequences.
Have you noticed any cheeky online scams lately? Let us know in the comments!
We pay for your stories! Do you have a story for The Sun Online news team? Email us at firstname.lastname@example.org or call 0207 782 4368 . We pay for videos too. Click here to upload yours.
7 missing after avalanche hits Annapurna Base Camp, NepalStates to Meet Centre Today to Discuss Modalities for 2020 Census, NPR Amid Oppn; Bengal to Stay AwayMan accused of pulling gun on process server arrestedBRAVERY: 415-Pound Woman Defends Her Man - Our 'Mixed-Weight' Relationship Is Not A Fetish!Obsessive hoarder's body is found entombed in rubbish