Browser Security: Green Padlock Is Far From Safe

If you rely on the green lock in the browser bar to find out whether a website is safe, you are living dangerously.

The green lock icon in the browser address bar is often interpreted as a sign that the visited page is safe. This assumption has never been correct, but it is becoming more and more dangerous. According to new research, more than half of all phishing sites have a green lock – someone relying on this symbol as a security indicator could become a victim of fraudsters. The browser manufacturers are therefore now going to abolish this symbol.

Half Of All Phishing Sites Have A Green Lock

The green lock actually means that the data traffic from the browser to the server runs over HTTPS and is encrypted via TLS. This in turn means that third parties cannot read the traffic on its way from the user to the website. As security researcher and journalist Brian Krebs reports, more than half of the scam sites are now accessible via HTTPS and have a green padlock. The scammers go to the trouble of encrypting traffic to their phishing sites because many people still see the green lock as an indicator of a website’s trustworthiness. Attackers use this confusion to lure victims into phishing traps.

Because the green lock is misunderstood by many users, the browser makers, most notably Google with Chrome and Mozilla with Firefox, are in the process of removing this icon altogether. They are increasingly moving to mark all web pages that allow unencrypted connections over HTTP as unsafe, because regardless of whether these sites are trusted or not, the traffic to them could be unsafe in any case. Users still need to stay alert in order to detect phishing and other scams on the web.