From HTTP many websites have gone to HTTPS for reasons of security. HTTPS was at first used mostly for the transfer for security information such as passwords but then extended to complete webpages. One of the reasons to do is is to make sure the site is not redirected from somewhere else, and that another party can’t just inject information during the transfer. This also prevents what some web hosts have done, which is to insert their ads onto your pages!
There are other ways to improve security that you might try yourself for a safe web browsing experience. One of these is using another operating system instead of Windows.
You could instead be using a unix like operating system such as FreeBSD, OpenBSD, Linux , illumos, TrueOS (previously PC-BSD) for example. You can run these inside a virtual machine such as VirtualBox, no need for another computer nor to reformat your hard disk.
Websites for which security is very important
This is any site which exchanges critical business information, personal information, credit card information, orders, etc.
An interesting set of such websites is gambling websites such as PlayAmo Canada, which have started using various ways to improve the security which is logical due to the possible financial implications.
How to know whether you are connected to a https-website
You can see whether or not you are connected to a website with an HTTPS connection by the address in your web browser’s address bar. If that starts with “https://” then your are safe. You will further see a lock icon which you can click for more information about the website’s security.
Some browsers hide the start “http://” or “https://” by default, in which case you need to check for the lock icon next to the website’s domain name. But even with such browsers you will see tht the connection is by https when you click on the address bar, it should then show you the start, i.e. “https://”.
If you’re using an unfamiliar network (e.g. on holiday using WiFi) and you connect to your bank’s website, look for the HTTPS indicator and the correct website address. If you don’t see an HTTPS indicator, especially on the login page, then the site may be a fake website that you may have been directed to by someone injecting fake responses and directing you to that website on that network.
Phishing and scam tricks
That a website uses HTTPS doesn’t mean it is a legitimate site. It could be but it could also be a site using a weird name added to the start so you may only see the expected part esp. In the previews of links shown in emails, and then these websites will then use their own fake validation servers…
Others use real certificates which only means that the people that put up that site are the ones who are creating that site and thus who actually own (i.e. have control over) that site.
An address such as https://google.com.jkxz555.com while using an HTTPS connection is clearly a fake site, as you can see already from the complete name. Check for the complete name, by hovering with the mouse over links in emails!