Let me start off by saying you didn’t win the Nigerian Lottery. No Prince in Romania is ever going to give you any money and PayPal does not need you to resend your username and password.
People are falling for things like this everyday and I know what you’re thinking.
“I would never fall for that.”
And you would be right. The vast majority of us don’t fall victim to computer fraud by sending emails to princes. Internet users get swindled by sophisticated hackers who penetrate unsecured websites. When an unsuspecting user puts their credit card in, its game over.
How are you supposed to protect yourself online? Some people just avoid it all together and that is an option. If you have kids then its probably not an option. Turn off the Internet and you may have a rebellion on your hands.
People ask me all the time about the difference between HTTP and HTTPS. My quick answer is:
“HTTPS is Safe”
The ‘S’ stands for secure, which is what you are when you see the little green lock on a website. Entering credit card information on a website without any validation opens you up to identity theft and a frozen bank account. Especially over a WiFi connection. WiFi is great but its not secured. A kid with a Packet Sniffer can grab your router password and hack your device using your home network.
You should never shop online unless you see the green padlock symbol. Even if the website owner is a great guy and wouldn’t steal from anybody, on HTTP anyone can eavesdrop and potentially steal your debit card number. Especially over WiFi. An unsecured online shop is a hacker’s dream.
Google recently started giving websites that utilize HTTPS a 1% advantage over HTTP websites in search rankings. They are doing it to promote security on the web. Google is moving slowly on this so the world can get the SSL (Secure Socket Layer) certificates over time. Within a couple years all the sites you visit will probably have the green lock.
The little green lock tells us that there is a name on file at a domain registrar like Godaddy. We are trusting that the owner of the website entered their information correctly and is a real person. I have a few of these SSL certificates and I could have provided my name as Bo Jackson, Mother Teresa, or some other cool name that struck my fancy. My point is that even with a Standard SSL certificate, or little green lock, you’re still not as safe as you could be.
You’ve seen the big green bar with the company’s name before right? That’s Extended Validation SSL Certificates or EVSSL. EVSSL Certificate issuers make companies jump through hoops to verify themselves. The certificate issuer checks to make sure that the company is who they say they are and proves it with documents and investigation. When you see a green bar with the name of the company in it you are as safe as the Internet gets.
Encryption has been far outpacing decryption for some time now and that is good for privacy but bad for the FBI. Did you see how long it took them to crack an iPhone? SSL certificates and HTTPS work great and will only get better. We may be entering a golden age of internet security as the average user is becoming more and more educated about the perils of cyber space. They’re learning to not get Phished.
Happy surfing.
SECURE YOUR HOME – PDF POSTER – REALLY GOOD
Justin Werner is the owner of Tuned In Studios, a respected web development and security company based in Oregon. Fifteen years of fighting hackers has taught him many things. Chief among them is the need for prevention through education.