In light of my previous post where I talk about how it’s relatively easy to commit a man-in-the-middle attack, I feel like I should explain how people can protect themselves.
If you’re typing information that you consider private (typing your SSN or typing a password, especially for webmail or your bank), use this checklist:
- Go to the login page (the page that asks you to type your password), but don’t type anything yet!
- Look at the address bar at the top of your web browser.
- Inspect the web page address and make sure it’s correct. For example, if you’re logging into Bank of America’s website then the address should be https://www.bankofamerica.com/ and not https://www.bankofamerica.youcantrustus.com/ and not https://www.bankofamerica.com@3468664375/ (the difference between these is subtle, but extremely important).
- There should be either blue or green text, and/or a blue or green background in the address bar. Sometimes your browser will even show you the name of the company that operates the website; this gives you an extra level of trust.
- There should not be a red X, a broken lock, a black slash, a yellow caution triangle, etc.
That’s it. Beyond that you’re trusting that the owner of the website you’re using knows what they’re doing and is competent.
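Added example (not part of the original post): the address check from the list above, done with the standard URL parser that browsers and Node.js share, run over the three addresses the checklist quotes. EXPECTED_HOST and inspectAddress are names made up for this example.

```javascript
// Added example, not from the original post. EXPECTED_HOST and
// inspectAddress are illustrative names (assumptions).
const EXPECTED_HOST = "www.bankofamerica.com";

// The three addresses quoted in the checklist above.
const SAMPLES = [
  "https://www.bankofamerica.com/",
  "https://www.bankofamerica.youcantrustus.com/",
  "https://www.bankofamerica.com@3468664375/",
];

// Parse an address with the WHATWG URL parser (the one browsers use) and
// report which server it really points at and why it fails the checklist.
function inspectAddress(address, expectedHost = EXPECTED_HOST) {
  const problems = [];
  let url;
  try {
    url = new URL(address);
  } catch (err) {
    return { host: null, ok: false, problems: ["not a valid address"] };
  }
  if (url.protocol !== "https:") {
    problems.push("connection is not https");
  }
  // Anything before "@" is a login name sent to the host after it.
  if (url.username !== "" || url.password !== "") {
    problems.push(`"${url.username}" is a user name, not the site`);
  }
  // The host is read right to left: the rightmost labels decide who owns it,
  // so a familiar name on the left proves nothing. Require an exact match.
  if (url.hostname !== expectedHost) {
    problems.push(`real host is ${url.hostname}`);
  }
  return { host: url.hostname, ok: problems.length === 0, problems };
}

for (const address of SAMPLES) {
  const { ok, problems } = inspectAddress(address);
  console.log(ok ? "OK  " : "STOP", address, problems.join("; "));
}
```

For the third address the parser reports the host as a dotted IP address, because a host made only of digits is read as a number for an IP address rather than as a name.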