Kolkata: Recent reports in Kolkata reveal a disturbing trend where cybercriminals are exploiting ‘secure' websites to defraud users. Three victims reported losing money to fake websites despite them showing HTTPS security certificates and the familiar green lock symbol.
"The green lock and ‘secure' label beside a URL no longer guarantee complete safety," said an officer. "Fraudsters can obtain legitimate HTTPS certificates for phishing sites by simply registering domains in foreign countries and linking them to registered emails and SIMs. They are now using mule accounts, including G-mail, to create deceptive pages that appear secure but are designed to steal information."
Police said complaints have come about an electric scooter purchase, ordering liquor online, and shopping for sportswear online. "In one case, the loss was above Rs 65,000," said an officer.
The green lock means that the site was issued a certificate and that a pair of cryptographic keys were generated for it. Such sites encrypt information transmitted between you and the site. In this case, the page URLs begin with HTTPS, with the last "S" standing for ‘secure'. But simply, all a green lock ensures is that no one else can spy on the data you enter. But your password can still be stolen by the site itself if it's fake. While HTTPS encryption ensures private data transmission between users and websites, it doesn't verify the site's legitimacy.