Why a padlock doesn’t mean a site is safe

I’ve always advised that one of the checks you can do to determine whether a website is genuine – and not put up by scammers whose sole intention is to steal your private information or your actual hard-earned cash – is to look for the green padlock symbol next to the web address in the bar at the top of your browser window. However, it’s with regret that I report this is no longer a good indication of a legitimate site, because – guess what? – scammers are increasingly using the padlock too.

Checking for the padlock was once a good way to reassure yourself about the security of a site, but unfortunately that’s no longer the case. In fact, the cybersecurity researchers at PhishLabs, who spend their days tracking illegal online activity, say that in 2018 almost 50% of fraudulent websites display the padlock, thus suggesting that they’re safe when they’re not.

In fact, somewhat ironically, if you were to enter your credit card number into one of these fraudulent sites it would probably be very safe. That’s because the padlock means the site sends information over an encrypted connection, so if you put in your passwords or security question information, only the cybercriminals who run the site would be able to see them. OK, perhaps that’s better than the whole Internet being privy to the name of your first pet, but it’s hardly ideal…

So how has this security lapse come about? Without going into the technicalities, the security certificates that enable a website owner to use the padlock symbol can now be created easily and cheaply – and the scammers know that. Sadly, the same also goes for the https prefix on web addresses. This signals that any data you enter will be encrypted on its way to the site, but it doesn’t guarantee that the data will go to good people.

So what can you do to check if a website is genuine? Well, if you haven’t used a particular site before, especially if you’re a new customer and haven’t made a purchase from it previously, spend a few minutes looking around. Read the About section, check the outbound links work and, if it’s a retail site, familiarise yourself with the Delivery and Returns pages, in order to get a sense of whether the information you would expect to be there is actually there and to see if it feels right.

As I’ve said many times, poor grammar and spelling are also giveaways. Even major organisations and big-name brands can make the odd slip-up (when I come across these I do, I admit, have a tendency to email them enumerating their errors), but if there are persistent mistakes, a site is badly designed and doesn’t hang together, or a logo is off, then it may not be genuine and it’s not worth taking the risk.

Obviously reviews can be and are faked – this is something that the consumer organisation Which? has recently investigated – but that doesn’t mean you shouldn’t consult sites like Trustpilot and Sitejabber; just approach them with caution. Do the due diligence and if a site doesn’t feel right, click away. Honestly, you’re bound to be able to buy that life-size fluffy llama somewhere else.

Sarah Burns is Prizeology’s Chief Prizeologist and a National Trading Standards Scams Team Scambassador. 

© Prizeology and The Prizeologist Blog, 2018. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited.
