We’ve been taught that secure websites (those that start with
https rather than
http) are more trustworthy than those that do not. While this has some validity to it, this is not always the case.
HTTP vs HTTPS
HTTP (Hyper Text Transfer Protocol) and HTTPS (Hyper Text Transfer Protocol Secure) define how websites are transferred from the server to you, the client. HTTP sends data unencrypted, anyone who has an antenna at the right frequency, a line listening in between the router and the Internet provider, or any of the other steps along the way, can see exactly what you request, and what the website returns to you (this can include personal information), which is why HTTPS is used now.
HTTPS encrypts your data, so information you send to the website (such as your name, credit card details, etc.) cannot be intercepted by hackers listening in on the conversation; however, this does not make the site trustworthy.
For a site to use HTTPS, they must first acquire a certificate from a provider. There are some providers (such as Cloudflare) that are free, which can allow scammers to host a (now secure) phishing website. While services such as Cloudflare do take down phishing scams, often they have already moved on to another scam, making them difficult to stop.
What does this mean for me?
While it encrypts your Internet activity from you to the website, HTTPS does not mean that a website is secure. Scams are everywhere, and scammers are easily able to obtain certificates to secure their website, making it look legitimate to potential victims of the scam.
Online scams usually have several red flags. If you see some of these red flags, you should leave the site instantly. As part of the TempMail.lol blog, we will be releasing several articles on scams on the Scams category with information on how the scam works, signs of the scam, and how to avoid them. Stay tuned!