I have seen many sites using a logo, provided by the security certificate vendor, be it VeriSign, Thawte or any for that matter. Most of the people trust this logo as they can check the validity of the site in real-time. Now comes the real question. Are you really getting the authenticity of the website? It is true sometimes, but not always. In the recent past I have seen many websites with the security logo which will enable the users to verify the authenticity of the website.
The phishers/attackers take the advantage of HTML coding. They just embed the target URL which will result while you are on the genuine website. Let.s check the scenario with eBay.
The Login page of Ebay has the VeriSign Secured logo. Verify the site by clicking the logo; it will take you to
https://seal.verisign.com/splash?form_file=fdf/splash.fdf&lang=en&dn=sig.
Now let.s see this URL
Where did you reach? Does this give an added assurance to the user? No!!! This can be imitated even by the attackers and eventually it will make the fake site more authentic.
Please take these logos as reminders and not as the security assurance. If you have followed an external link to reach the website where you want to trust the security, then re-enter the URL by hand in a new browser window, be on the safer side.
0 Comments