I am fairly sure that most of us are aware that before you put sensitive data into a website you should check that it’s secure. The easiest way to check that is to look in the address bar – I will use Google Chrome as an example. If I visit an insecure website it can present itself in a couple of ways.
In the address bar at the top something like this will appear:
The more obvious one is like this:
A potentially valid and secure site should appear like this:
You may note that I used the word potentially...
The key to this little padlock is something called a certificate. A certificate is a method used to secure data to and from that website. However, anyone can buy a certificate and they are not expensive, so how does that offer protection?
To get a certificate you go to a provider and request one by submitting a specific request format. The provider will then do some checks to ensure that you are who you say you are. They do this by various means, but the two standard ones are: emailing you on a specific address associated with the request, or asking you to create a specific record, either on the website or on the domain, which only the relevant people should have access to.
Certificates are also only valid for a specified time period and you have to renew them, so there can be occasions when legitimate businesses forget to do this.
I come back to the use of the word potentially... There is nothing to stop me (in theory) from purchasing a domain called b-bbc.co.uk for the huge cost of £6 and then purchasing a certificate for maybe something like £5 for a year. Then with a little bit of work, I could have a site that at first glance could be bbc.co.uk.
So before you enter sensitive information on a website, ask yourself some questions:
1 – Is the site secure? (check for the padlock)
2 – Is the site address really the site you think it is?
3 – Why are you entering the information, does the website really need it?
4 – How did you get to the website? (Was it by an email? Could it be a dodgy email?)
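
Questions 1 and 2 can also be checked in code. The sketch below is an added example, not part of the original post: it parses a URL, confirms it uses HTTPS, and compares the real hostname against a list of domains you intend to visit, so that b-bbc.co.uk is flagged even though it could carry a padlock. The names `TRUSTED_DOMAINS` and `check_url` are hypothetical, and the URLs are constructed samples.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains the user actually means to visit.
TRUSTED_DOMAINS = {"bbc.co.uk"}


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for a URL; an empty list means both checks pass."""
    parts = urlsplit(url)
    # Compare the parsed hostname, never the raw URL string.
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []

    # Question 1: is the connection encrypted (the padlock)?
    if parts.scheme != "https":
        warnings.append("not-https")

    # Question 2: is the host a trusted domain or a real subdomain of one?
    # A match requires equality or a "." boundary, so "b-bbc.co.uk" fails.
    is_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not is_trusted:
        # The trusted brand label appearing in an untrusted host suggests a lookalike.
        brand_labels = {d.split(".")[0] for d in trusted}
        if any(label in host for label in brand_labels):
            warnings.append("lookalike")
        else:
            warnings.append("unknown-domain")
    return warnings


if __name__ == "__main__":
    samples = [
        "https://www.bbc.co.uk/news",        # genuine subdomain
        "https://b-bbc.co.uk/login",         # the lookalike from the text above
        "https://bbc.co.uk.example.net/",    # trusted name used as a subdomain
        "http://bbc.co.uk/",                 # right site, no encryption
    ]
    for url in samples:
        print(url, "->", check_url(url) or "ok")
```

A valid certificate only satisfies the first check; the second check is the one that catches a cheaply registered lookalike domain.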