The Cybersecurity FAQ series, in the Demystify Cyber project's blog, looks at some commonly asked questions about cybersecurity and cybercrime. If you have a query you would like covered in a future blog post please contact Demystify Cyber via the contact form.
________________________________________
QUESTION: If the website has HTTPS does that mean it is safe?
ANSWER: HTTPS means the web traffic is encyrpted for data transmission security but does not mean the website is safe.
The Hypertext Transfer Protocol Secure (HTTPS), first used in 1994, places a layer of encryption over HTTP to help prevent sensitive data, like payment details, being eavesdropped or leaked. This means that a site using HTTPS is encrypted and private, however just because a website is using HTTPS does not mean the site is safe from being compromised, nor does it prevent a site from dropping malware on its visitors' computers or being used to phish for credentials. In fact criminals may purchase their own certificates to create malicious websites using HTTPS.
Do not be lulled into a false sense of security when you see a site is using HTTPS, it may be encrypted but that doesn't mean the site is not being used by criminals.