Phishing is a type of internet attack which tricks users into thinking that they are located on a secure bank/corporate/government website while instead of being redirected to a malicious website which goal is to steal user personal information. Typically login (username and password) information is stolen. Losing this information could have very dangerous consequences because hacker may gain complete access to user account information on a website which is subject to the phishing attack.
Below we provide several simple steps which can give you some piece of mind and make sure you’re not a subject of phishing attack. This technique relies on checking SSL certificate of the website to which you were redirected and making sure that certificate is authentic. Even though this technique will not guarantee a 100% protection from phishing attack (certificate forgery is still possible) it considerably lowers chances that you are on a phishing website.
We also strongly recommend that you install one of the leading phishing protection software to make chances of becoming a subject of phishing attack even lower.
Verify SSL certificate in Safari
- Make sure that a lock icon (gray or green) is displayed next to the website name.
- Click on the lock icon.
- Click on Show Certificate button.
- You will see details of website SSL certificate.
- Check following things.
- “This certificate is valid” message displayed with a green checkbox.
- Website name matches the name of the website you planned to visit.
- If you open Details section on the certificate you can also see an address of a company which received this SSL certificate and details of certificate authority who issued a certificate. Verify it to the best of your knowledge.
Verify SSL certificate in Chrome
- Make sure that a lock icon (gray or green) is displayed next to the website name.
- Click on the lock icon. You will see information if your connection is secure. Typically you should expect to see following message: Secure connection. Your information (for example, passwords or credit card numbers) is private when it is sent to this site. If you see a different message and connection is not secure then you need to take further actions to verify that website is authentic.
- Click on Details under this message.
- You will see certificate details windows.
- Check following things.
- “This certificate is valid” message displayed with a green checkbox.
- Website name matches the name of the website you planned to visit.
- If you open Details section on the certificate you can also see an address of a company which received this SSL certificate and details of certificate authority who issued a certificate. Verify it to the best of your knowledge.