When you browse to a website there is a certain level of trust that is required. You assume that if you type in a specific URL, you will connect to that website and in turn the data you provide to that website will be kept secure.
Unfortunately cyber criminals continue to find new ways to inject themselves between you and the secure websites you are trying to visit.
The most important thing to remember whenever you browse to any website that requires you to provide login credentials or any confidential information is to look for the encrypted session. By now most of you will be very familiar with the concept, but the reality is that people often don’t pay attention. When you visit a website and the URL starts with “https://,” it indicates that the webpage you are viewing has been encrypted and should generally be considered secure. Of course just having those characters at the beginning is not a guarantee. You also need to confirm that the encryption is validated. To accomplish this, most modern web browsers will display a warning if there is a problem with the encrypted session. It is up to you to choose to ignore this warning or not. There should never be a situation where you continue to provide confidential information to a website if you have received a warning that the connection is not secure. This warning is telling you there is something wrong. If there is something wrong, you can’t trust anything about the webpage.
If you visit a website that is asking for login or other confidential information and you do not have an encrypted connection with “https://,” you should stop. Any legitimate website will always provide encryption when requesting this type of information. It is very easy to get lazy. If you visit a website often, as long as the site looks the same as every other day, it is easy to stop paying attention to the URL. However you need to remain diligent to ensure you remain secure.
It is also important to remember that you can manually type in the URL for where you would like to go, but actually end up at a malicious website instead. Even worse, the URL will still reflect that website you intended to connect to. This is due to both “Man in the Browser” and DNS type of attacks.
Read more in Security: