Oregon FBI Tech Tuesday: Building a Digital Defense When Trying to Surf Safely
Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense to stay safe while surfing online. October marks Cyber Security month in the U.S., and over the next few weeks we will be focusing on some back-to-basic topics to keep you safe on the Internet.
For years, you’ve been told to look at any given web address to make sure it starts with an “HTTPS” designation. That “HTTP”—or Hypertext Transfer Protocol—is how your browser talks to the website. The “s” at the end indicates that it is now Hypertext Transfer Protocol Secure, meaning that the communication between your browser and the website is, well, now secure. Also, you are told to look for the “lock” icon in the address bar. That, combined with the HTTPS designation, are supposed to indicate the web traffic is encrypted and that visitors can share data safely.
Unfortunately, cyber criminals are also banking on the public’s trust of “HTTPS” and the lock icon. The FBI’s Internet Crime Complaint Center is reporting that fraudsters are now more frequently incorporating website certificates—third-party verification that a site is secure—when they send potential victims emails that imitate trustworthy companies or email contacts. These phishing schemes are used to acquire sensitive logins or other information by luring victims to a malicious website that looks secure.
The following steps can help reduce the likelihood of falling victim to HTTPS phishing:
- Do not simply trust the name on an email; question the intent of the email content.
- If you receive a suspicious email with a link from a known contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
- Check for misspellings or wrong domains within a link (e.g., if an address that should end in “.gov” ends in “.com” instead).
- Do not trust a website just because it has a lock icon or “HTTPS” in the browser address bar.
As always, if you have been the victim of an online fraud, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.