Trust But Verify: Ensure Safe Web Browsing

Andrew Allemann | November 30, 2017

4 min read

Google recently made a big update related to security in its popular Chrome web browser. As we noted in a previous post, when users input information in a form on a website that is not secured with SSL, the browser will display a warning:

This security improvement in Chrome is important for website owners, but it could instill a false sense of security when people surf the web. Below, we’ll discuss what to look out for and how to make sure you’re protected.

What is SSL?

SSL stands for Secure Sockets Layer. A site with an SSL certificate provides an encrypted link between the website and your browser so that the information you send through the website (such as your credit card or login details) remains private while in transit to the website’s server.
You can identify a site using SSL in a number of ways. Web addresses on secure domains will start with https:// instead of http://. Your browser will also display a padlock icon indicating that the site is secure. There may also be a site seal or other indicator on the website itself noting it’s an encrypted transaction.

Your Site Needs SSL

The Google Chrome update has been a call-to-action for website owners to add SSL to their website. Even if your site does not offer e-commerce, Chrome will flag the site as not secure if someone enters text into any web form.
This means all WordPress sites with comment forms will be flagged. Even a site with just a search box can trigger a warning.
Not having an SSL certificate for your website may lead to reduced comments on your blog, fewer people filling out contact forms, and people abandoning your site, fearing it might not be safe overall.
Thankfully, the cost of adding SSL to websites has dropped significantly, putting them in reach of all website owners. Namecheap offers SSL certificates starting at just $9.00 per year.

Users Beware

As a website owner, adding SSL is a no-brainer. But as a website visitor, it’s important to understand that SSL encryption has limitations.
Even though the transmission between your computer and a website might be protected by an SSL certificate, you should make sure that you’re dealing with a legitimate website in the first place. Websites that are spoofing other websites can still be secured with SSL. That means your information could be sent securely… but to a crook rather than the business you intended.
Researchers at Georgia Tech recently analyzed spoof websites and found over 100,000 such websites using SSL.

If you have any reason to suspect a site may not be legitimate (especially if you get a link via email), here are a few ways to check:

Visually review the URL. Symbols, dashes, or modified site names (e.g. g00gle.com) or unexpected domain extensions such as .info on a major retailer can be red flags.
Look for bad English grammar or spelling, odd layout, or other oddities on the home page.
Be wary of sites with ads all over the home page, intrusive pop-ups, or audio that plays immediately. This isn’t always a red flag, especially for blogs and news media. Generally, though, you wouldn’t expect this content on a bank or merchant site like Amazon or Namecheap.
Check site URL with Google Transparency Report to reveal any unsafe content.

So, before you buy a pair of shoes from a secure website you think is affiliated with Nike, double-check the web address to make sure it’s not fake.

Trust but Verify

To recap, there are two crucial things to do with Chrome’s recent changes:

1) Website owners should add SSL to their sites now.
2) Website visitors should check that a site is secure but also verify that the site itself is legitimate.

If you run a website, don’t delay. Protect your visitors by adding an SSL certificate to your website. Namecheap offers SSLs starting at just $9.00.