A “Secure” site is not necessarily a “Safe” site.
When a site has installed an SSL certificate on its site, browsers such as Chrome will display a green lock icon in the address bar.
However, a site that a browser says is secure is not necessarily safe.
A site which displays HTTPS in its URL utilizes SSL encryption to send and receive information and provide improved security. The SSL certificate is issued by a certificate authority (CA), which verifies the website owner is in fact the owner of the site. That is all. The CA does not verify the site is trustworthy, safe or not malicious.
Unfortunately, with Google’s heavy push for HTTPS Everywhere as part of promoting secure online experiences for users, CAs such as LetsEncrypt have started issuing free SSLs to any website that wants to use SSL.
As a result, there are phishing sites that appear valid and secure according to your browser. But beware, they could be unsafe.
For more on SSLs and how to view certificate details to help you evaluate a site’s safety, see ‘Secure’ in Chrome Browser Does Not Mean ‘Safe’ from Wordfence.
