Why a padlock doesn’t mean a site is safe

I’ve always advised that one of the checks you can do to determine whether a website is genuine – and not put up by scammers whose sole intention is to steal your private information or your actual hard-earned cash – is to look for the green padlock symbol next to the web address in the bar at the top of your browser window. However, it’s with regret that I report this is no longer a good indication of a legitimate site, because – guess what? – scammers are increasingly using the padlock too.

Checking for the padlock was once a good way to reassure yourself about the security of a site, but unfortunately that’s no longer the case. In fact, the cybersecurity researchers at PhishLabs, who spend their days tracking illegal online activity, say that in 2018 almost 50% of fraudulent websites display the padlock, thus suggesting that they’re safe when they’re not.

In fact, somewhat ironically, if you were to enter your credit card number into one of these fraudulent sites it would probably be very safe. That’s because the padlock means the site sends information over an encrypted connection, so if you put in your passwords or security question information, only the cybercriminals who run the site would be able to see them. OK, perhaps that’s better than the whole Internet being privy to the name of your first pet, but it’s hardly ideal…

So how has this security lapse come about? Without going into the technicalities, the security certificates that enable a website owner to use the padlock symbol can now be created easily and cheaply – and the scammers know that. Sadly, the same also goes for the https prefix on web addresses. This signals any data you enter will be encrypted by the site, but it doesn’t guarantee that the data will go to good people.

So what can you do to check if a website is genuine? Well, if you haven’t used a particular site before, especially if you’re a new customer and haven’t made a purchase from it previously, spend a few minutes looking around. Read the About section, check the outbound links work and, if it’s a retail site, familiarise yourself with the Delivery and Returns pages, in order to get a sense of whether the information you would expect to be there is actually there and to see if it feels right.

As I’ve said many times, poor grammar and spelling are also giveaways. Even major organisations and big-name brands can make the odd slip-up (when I come across these I do, I admit, have a tendency to email them enumerating their errors), but if there are persistent mistakes, a site is badly designed and doesn’t hang together, or a logo is off, then it may not be genuine and it’s not worth taking the risk.

Obviously reviews can be and are faked – this is something that the consumer organisation Which has recently investigated – but that doesn’t mean you shouldn’t consult sites like Trustpilot and Sitejabber, just approach them with caution. Do the due diligence and if a site doesn’t feel right, click away. Honestly, you’re bound to be able to buy that life-size fluffy llama somewhere else.

Sarah Burns is Prizeology’s Chief Prizeologist and a National Trading Standards Scams Team Scambassador. 

© Prizeology and The Prizeologist Blog, 2018. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited.

Running a prize promotion on Facebook

It’s been a while since I’ve talked about how to running a prize promotion on Facebook prize promotion, but it’s a topic worth revisiting, partly because the rules are updated from time to time, and partly because those rules mean it’s not quite as easy as you might think to use the social media platform […]


On-Pack prize promotion: Win with Kingsmill

I like a piece of toast and marmalade in the morning. Sometimes I have a sandwich, usually hummus and carrot, for lunch. And when it comes to comfort eating, you can’t beat a nice, thick piece of bread and butter pudding. Why am I talking about bread? Because Prizeology has been working on a major […]


Prize promotions cheats

Cheating. It means acting dishonestly in order to gain an advantage. To avoid any doubt, an advantage in the context of prize promotions is a prize – a restaurant or retailer voucher, a gaming console, a year’s supply of a particular product, a holiday (back in the day when we could take holidays) and, yes, […]

Send this to a friend