The sad truth is the internet is a place where cyber criminals are after your money. Yes, by accessing this article you must be connected to the internet and therefore you are likely enjoying the benefits of a connected world, but the bad guys can’t wait to catch their next victim.
But it’s not exactly news that people want to trick one another for the same old thing: cold, hard, cash. What has changed over time is the tactics that are being used. Nowadays, with the high adoption of the internet and the rise of online shopping and banking, there is a noticeable uptick in phishing scams.
Check the URL
We strongly recommend making a habit of checking the address bar in your browser, as the URL that is displayed there contains pivotal information for safe browsing. For starters, here is some basic info that’s essential to knowing whether you are on a safe page or not based on how the URL is constructed:
Avoid HTTP connections
Alongside the domain, there is another factor that gives away a fraudulent site: the connection security. This will make or break the privacy of the information that you transfer over the internet; if the website uses HTTP, you should know that the connection is not private and that anyone can intercept or manipulate the information you send.
A secure connection is created by SSL (secure socket layer) which has since been succeeded by TLS (Transport Layer Security). If the connection protocol within the URL shows HTTPS, you know that the connection to that website is secure.
In other words, don’t fall for a huge discount and make a purchase at an online store that uses an HTTP connection. By doing so you’ll hand over your credit card details to cyber criminals, along with an invitation to use your funds at their free will.
How to avoid entering passwords on phony websites
Before entering credit card details on a payment page, we recommend checking the authenticity, armed with your newfound knowledge of URLs and connectivity. Of course, the autofill featureof browsers will offer to fill out forms on any website, but it’s up to you whether or not to allow it.
Here is the checklist we recommend using before entering any sensitive data:
- Check the URL for any signs of a phishing scam. If the URL is long and/or complicated, then navigate away immediately and delete any cookies that were stored by your browser.
- Look for the padlock. If it’s HTTPS, you’ll see a padlock or a key on the left side of the address bar.
How password managers prevent you from entering data on scam sites
The best way to protect yourself against scam sites is by using a password manager. Once you have saved the credentials for a specific website, it won’t autofill the data unless the URL matches the one in its database. In other words, even if you do click on a phishing email prompting you to log into Gmail, the password manager won’t autofill in your credentialsbecause it first checks to see if the URL matches one saved in the secure vault – if it isn’t, it won’t have any data to enter. If the phishing site is based on a site you regularly visit, this will be a surefire giveaway that there is something fishy going on.
István F.
Adam B.
User feedback