The FBI’s Internet Crime Complaint Center (IC3) says that more and more cyber criminals are capitalizing on website visitor trust in phishing campaigns. Criminals are using third-party verification website certificates to provide untrustworthy websites with the lock icon or “https” that appears in the address bar, which are usually indicators that the website is secure.
The lock icon and “https” in the address bar are increasingly being used by legitimate websites, but the IC3 released recommendations to ensure that a dangerous website isn’t disguising itself as safe in an attempt to acquire secure logins or other information. IC3 suggests that users:
- Question the intent of the email that might have led you to the website. Don’t automatically trust the name of the sender;
- Confirm an email is legitimate by calling or emailing the contact if you receive a suspicious email from with a link from a known contact;
- Do not reply directly to a suspicious email without verifying it’s legitimate;
- Check for errors in the spelling of the domains within a link that might be trying to trick you. Also, ask if the web address should end in .com, .gov, .edu, etc.; and
- Do not automatically trust websites that have lock icons or “https” in the web address browser bar.