How can you know for sure that the website you are visiting is who it claims to be, or that the information you send is safe and can't be hijacked by a man in the middle. Just as we humans have names and identity cards to verify who we really are, so do the websites we visit.
To get a full grasp, let's do a background revision of how our websites work. We will be using the Google Chrome browser to illustrate. We'll go over some terms.
HTTP/HTTPS: This stands for Hypertext Transfer Protocol, and it is the protocol used for communication between computers over the internet. HTTPS is the secured version of HTTP. How this works is that, one of the computers is a web client and the other a web server. The web server is the computer that has information saved on it and the web client is the computer with applications to access the information on the server remotely. Web clients are usually browsers like Google Chrome, Safari, Firefox, Internet Explorer, Edge etc.
Communication between clients and servers is done by requests and responses:
- A client (a browser) sends an HTTP request to the web
- A web server receives the request
- The server runs an application to process the request
- The server returns an HTTP response (output) to the browser
- The client (the browser) receives the response
TLS/SSL: SSL stands for Secured Socket Layer and TLS stands for Transport Layer Security. TLS is the successor of SSL and the idea is to provide a layer of security to cloth your information so that only you and the recipient can access it. SSL Certificates are small data files that digitally bind a cryptographic key to a website owner or an organization's details. It is utilized by millions of online businesses and individuals to decrease the risk of sensitive information (e.g., credit card numbers, usernames, passwords, emails, etc.) from being stolen or tampered with by hackers and identity thieves. In essence, SSL allows for a private “conversation” just between the two intended parties.
Now that we've got an idea of how connections over the web are secured, let's try to identify a secured connection and an why it is important. Because most people access the internet using mobile platforms, we'll use Android and Google Chrome as our operating system and browser respectively.
Anytime you visit a website and you see a closed padlock as the one pointed in the above screenshot, your connection is secure and the certificate the website is using is a valid one. You can't be too sure so you have to open the certificate details if you are still in doubt by clicking or taping the padlock which opens the below a drop down as shown in the below screenshot.
As shown above, after tapping on the closed padlock, tap on details to see the details of the certificate which will open up another pop up as shown below.
From the above screenshot, 'Chrome' is the web client that verifies that 'DigiCert SHA2 Assurance Server CA' the certificate authority issued the certificate for Facebook. You can go ahead and tap 'certificate information' to get details about the certificate. You can follow the same guide on any website you visit.
You could feel you are visiting a site because you've been visiting it daily and it looks the same, but you could actually be on a fraudulent website which is made to look like your regular site so you can submit sensitive information like login details, credit or debit card details so a hacker can get a front door entrance into your restricted website or business application completing transactions as you. This process is called Phishing. Many people have lost their online accounts and business applications because they fell for a phishing attack. Others it's just their Facebook profile. Because Facebook has the highest number of users, it's where phishing has been most effective recently with an increasing number of users reporting their accounts been hacked.
A phishing website can also have an SSL certificate, in fact most of them do now so connecting securely is not the end of the security, you also have to know the web address of the website you are visiting. If uncertain, verify. Mistaken web addresses can happen easily within an organization that has web apps with links listed or in menu style and employees are not familiar with them or with links changing frequently and more than one link for the same business application. An attacker could share a link to a phishing site and employees could follow it and willingly submit their login details. On a lighter note, a fake Facebook or Gmail page could be set up, a link asking you to watch a video, usually porn or winning big money, you click on it without verifying the web address or security details and submit your login details.
Phishers rely on the ignorance of people about identifying a secured website and verifying web addresses, also the rush for porn and free money or cheap deals. Be safe on the internet and if it's too good to be true, it is not.
If you find this article helpful, share and watch out cos more are on the way.