Below are instructions with steps on how to verify SSL certificate used by a website on an Internet Explorer web browser. Please note that you cannot verify security certificate on Internet Explorer Edge version.
1) Type URL you want to verify into an Internet Explorer address bar.
2) Make sure that URL starts with https:// and that lock button is displayed at the end of an address bar.
3) In order to view the certificate, you need to click on a lock button on the right side of the address bar.
4) After clicking on it, you will see a small pop-up window with the certificate details.
5) In order to see actual details of an entity which registered the certificate, you have to click on “View certificates” link at the bottom of this window.
6) To open full certificate details click on a triangle next to “Details”.
7) Look at the information about certificate owner and make sure that it looks legit and matches an owning entity of the website. If you have any suspicion about information in the certificate contact customer support of the website in question.
Phishing
Avoid phishing attacks
Below are several simple methods to avoid common types of phishing attacks:
Check that site uses SSL
Do not enter personal information to the website unless it uses an encrypted connection. To check if website uses encrypted connection you need to look at your browser address bar and verify that lock icon is displayed next to a website name. Also website URL should start with “https://” instead of “http://”
Check links
Make sure that links that you click are pointing to a place where you want to go. Hover over a link to make sure it is pointing to a website that you want to go to. Be suspicious of any e-mail which requires you to click something. It is always better to enter URL directly instead of clicking on it. There are certain cases where clicking on a link from e-mail is a valid scenario but typically these e-mails are generated only when you perform some action on a website which generated an e-mail (for example activation e-mail is sent when you register to a website). So you should always be in control on what e-mails are coming to your inbox and what you click on.
Avoid pop-up windows
None of pop-up windows will lead you to something good. If you see a pop-up window close it using small X button in the right top corner (for the Windows OS) and red x button in the left top corner (for the OS X).
Update your browser and Antivirus
Make sure that your browser and antivirus is up to date. New types of attacks appear every day and having latest software will help you to avoid attacks which were just fixed by browser and antivirus developers.
Check your online accounts
Make a habit of checking your online accounts regularly. This will help you to have hackers red-handed and react to attacks before they even started.
Types of phishing attacks
Employees of United States corporations are frequently becoming victims of phishing attacks. One of the reasons for that are hackers which impersonate various corporate website trying to get victims money.
It is important to know what phishing techniques hackers can use against you in order to be prepared for the attacks. Below we describe several most common techniques used by hackers.
Email and Spam
This is the most common type of phishing attack. Hackers send malicious e-mails to all e-mail addresses they can get their hands on. These e-mails usually contain requests to urgently do something, like confirming an account, changing address, verifying identity. In order to do this, hackers will then direct a user to a website which will ask them to fill in the form with personal details. These details will later be used for illegal activities.
Spear phishing
Spear phishing is a type of phishing when hackers target their attack to a specific number of people or a certain person. It is different from the typical phishing attack where hackers send the malicious e-mail to thousands of e-mail addresses in a hope that someone will get caught. In the case of spear phishing hackers will try to extract important information about the user from the open sources on the internet, leaked databases, phone books. For example, lots of e-mail addresses of corporate employees could be extracted from the internet forums, blogs, and other open sources. Recently LinkedIn also became a popular source of such information for hackers. After hackers get all information they can get about a person they launch a customized attack making sure to use all information they got to deceive their victim.
Content Injection
In the case of content injection hackers attack a credible website and change information on it in a way to redirect users to the malicious page where information could be gathered by hackers. For example, hacked shopping site could send to a malicious payment page where the user will be asked to enter their credit card information. This credit card information won’t be used for the payment but instead, hackers will later use it for illegal activities.