As the internet continues to evolve, in good ways and bad, there’s always a constant stream of tips and suggestions for safeguards to keep your information safe online. Some of those tips have been around for years, and potentially ingrained in your psyche. Among those would probably be knowing how to identify websites that might actually be scams. You just look for the trusty padlock icon to the left of the URL. That indicates everything’s legit, right? Actually, it doesn’t.

Just because it’s secure doesn’t mean it’s safe

You shouldn’t have to go through a checklist every time you get online. I mean, you’re not flying a plane after all. But you would be wise to make sure the sites you visit are actually safe. Typically, that means glancing up at the URL, and checking for the padlock symbol along with the “https://,” with the “s” indicating the site is secure. That indicates that info going back and forth between your browser and any given site is happening over a secure, encrypted connection, which is especially important where you enter sensitive information into online forms such as credit card numbers. But what you need to realize is that just because a site is secure doesn’t necessarily mean it’s safe. Bonus: Fake Black Friday apps and websites are now out in full force You know what the padlock means. The problem is, scammers know it too, and they’re adding that symbol to their websites so you’ll drop your guard. In fact, almost half of those of those fraudulent sites have the padlock, first reported by security writer Brian Krebs. According to data from PhishLabs, a cybersecurity firm, less than one half a percent of phishing sites had the padlock symbol in 2015. That number skyrocketed, up to 24% last year and around 49% right now at the end of 2018. It’s a win-win for cyber crooks, since it’s become easy and cheap to use an encrypted connection and to obtain certificates that allow the padlock to be displayed on their sites.

Staying away from scam websites

Some browsers issue heavy warnings to users about potentially dangerous and unsecure sites. That’s part of the reason scammers started adding the padlock in the first place. But don’t use the padlock alone to determine a website’s legitimacy. Whenever possible, type the URL yourself instead of clicking on a link. Besides browsers, security software can also back you up, with the ability to alert you to possible fraudulent sites as well.