Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Federal Government Websites Give Misinformation About Their Security

March 31, 2020

Krebs on Security reported on March 20 that a number of government sites are giving users some bad security advice. If you've noticed, many government websites have messages at the top of their home pages trying to help users distinguish between phony government sites and real ones.

Part of the language is misleading. It often says "the https:// ensures that you are connecting to the official website . . . "

In truth, the https:// part of an address (also called "Secure Sockets Layer" or SSL) merely indicates the data being transmitted back and forth between your browser and the site is encrypted and cannot be read by third parties.

However, the presence of "https://" or a padlock in the browser address bar does not mean the site is legitimate, nor is it any proof the site is immune from hacking.

So while readers should never transmit sensitive information to a site that does not use https://, the presence of that security feature does not ensure the site is secure.

According to PhishLabs, by the end of 2019 roughly three-quarters (74 percent) of all phishing sites were using SSL certificates. PhishLabs found this percentage increased from 68% in Q3 and 54% in Q2 of 2019.

"Attackers are using free certificates on phishing sites that they create, and are abusing the encryption already installed on hacked web sites," PhishLabs founder and CTO John LaCour said.

Anyone can get an SSL certificate for free, and that's why most phishing sites now have them. The other reason is that they help the phishers appear legitimate, since many Web browsers will render a security warning on non-https:// sites.
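To make the distinction concrete, here is an added example (not from Krebs, PhishLabs or the original post) that separates what the padlock verifies from what a user actually wants to know. It assumes the TLS library has already validated the certificate chain; the certificate dictionaries follow the layout of Python's `ssl.SSLSocket.getpeercert()`, and every name, domain and certificate in it is constructed.

```python
# Added example. Certificate dicts follow the layout returned by Python's
# ssl.SSLSocket.getpeercert(); both certificates and all names are constructed.
# Assumes the chain was already validated by the TLS library.

def name_matches(hostname, pattern):
    """Simplified leftmost-label wildcard match for a SAN DNS entry."""
    h = hostname.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p

def assess(hostname, cert, expected_domains):
    """Report what the padlock proves versus what the user wants to know."""
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    host = hostname.lower().rstrip(".")
    return {
        # All the padlock shows: the certificate covers the name in the address bar.
        "padlock": any(name_matches(host, n) for n in dns_names),
        # Domain-validated certificates carry no organization at all.
        "organization": subject.get("organizationName"),
        # The real question: is this the domain the user meant to reach?
        "host_is_expected": any(host == d or host.endswith("." + d)
                                for d in expected_domains),
    }

EXPECTED = {"agency.example"}  # hypothetical official domain

OFFICIAL_CERT = {
    "subject": ((("organizationName", "Example Agency"),),
                (("commonName", "agency.example"),)),
    "subjectAltName": (("DNS", "agency.example"), ("DNS", "*.agency.example")),
}
LOOKALIKE_CERT = {  # free domain-validated certificate on a lookalike name
    "subject": ((("commonName", "agency-benefits.example"),),),
    "subjectAltName": (("DNS", "agency-benefits.example"),),
}

if __name__ == "__main__":
    print(assess("www.agency.example", OFFICIAL_CERT, EXPECTED))
    print(assess("agency-benefits.example", LOOKALIKE_CERT, EXPECTED))
```

Both sites earn the padlock; only the comparison against a domain the user already knows to be official tells them apart.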

It is also not difficult for anyone to get their own .gov domain name.

So be careful out there – and remember that any non-government site marked as https:// may also be compromised.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225|Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson