A fake PayPal website (lower one) has been used for phishing recently. Hackers not only duplicated the official website (upper one) but also invested in an SSL certificate, i.e. an encrypted HTTPS website, to enhance its authenticity and credibility.
How Does a “Secure” Phishing Website Work?
Google Chrome & Firefox mark all non-encrypted websites (HTTP) as “Not Secure”, while encrypted websites (HTTPS) are marked “Secure” with a green padlock symbol in the address bar to help users identify a more secure data transmission process.
Hackers registered a domain name starting with “PayPal.com”. In fact, its URL is very long. If users access the website on a mobile device, the address bar is too short to display the full URL and shows only the first part. In addition, because the address bar displayed the green padlock symbol with the “Secure” stamp, users assumed the website was completely safe and handed over their personal data or credit card information.
Experts reiterated that HTTPS-secured browsing guarantees encrypted data transmission between the server and end users. However, it cannot ensure that the website content or use of the site is safe!
TIPS:
1) Distinguish Fake & Official Websites
In the above PayPal example, the official website (upper one) adopted the highest-class Extended Validation Certificate (EV SSL Cert), which requires an additional verification process by a third party and displays the green padlock symbol and the company/organization name (i.e. “PayPal, Inc. [US]”) in the address bar.
2) Stay Alert
Do not open or click on strange e-mails, attachments, online advertisements or links.
3) Domain Name
Check the full domain name in the address bar. Generally, the company or brand name will appear exactly in the domain name.
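An added example (not part of the original article): a Python check for tip 3 that finds the registrable domain of a URL and flags hosts that only begin with, or contain, the brand name. The small suffix set, the function names and the sample URLs on the reserved .example TLD are constructed for illustration; real use should load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
PUBLIC_SUFFIXES = {"com", "net", "org", "hk", "com.hk", "co.uk", "example"}

def registrable_domain(host):
    """Return public suffix plus one label, e.g. 'www.paypal.com' -> 'paypal.com'."""
    labels = host.lower().rstrip(".").split(".")
    # Longest candidate suffix is tried first, so 'com.hk' wins over 'hk'.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to the last two labels

def classify(url, official_domains):
    """Return (verdict, owner); verdict is 'official', 'lookalike' or 'unrelated'.

    The scheme is ignored on purpose: HTTPS and a padlock say nothing
    about who owns the domain.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    owner = registrable_domain(host)
    if owner in official_domains:
        return "official", owner
    for brand in official_domains:
        name = brand.split(".")[0]  # 'paypal' from 'paypal.com'
        # Brand domain used as the leading labels, or brand name inside any label.
        if host.startswith(brand + ".") or any(name in label for label in host.split(".")):
            return "lookalike", owner
    return "unrelated", owner

# Constructed sample URLs (reserved .example TLD for the non-official hosts).
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal.com.account-update.example/signin?session=1",
    "https://secure-paypal.example/login",
    "http://shop.example/cart",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict, owner = classify(url, {"paypal.com"})
        print(f"{verdict:10} owner={owner:24} {url}")
```

The owner column is the part of the address that matters: everything to its left can be chosen freely by whoever registered it.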
BONUS TIPS:
- Register the domain names related to your company and brand name, e.g. ABC.com / ABC.com.hk / ABC.hk etc.
- Apply for the highest-class EV SSL Certificate to identify your official site.