Posted on

Reference Number ACG-CSB 022425382

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

Before entering passwords, credit card details, or any personal information on a website, it is essential to check for HTTPS encryption and a padlock icon. This simple step can help prevent hackers, identity theft, and online scams. HTTPS (HyperText Transfer Protocol Secure) is a security feature that protects information when accessing a website. It ensures that any data entered, such as passwords or credit card details, is encrypted and safeguarded from hackers.

Here are the reasons why verifying HTTPS is important:

  1. Protects Sensitive Information: Without HTTPS, any data entered on a website can be intercepted, similar to sending a postcard that anyone can read. HTTPS encrypts this information, making it unreadable to unauthorized parties;
  2. Reduces the Risk of Fake Websites: Cybercriminals often create fake websites that resemble legitimate ones to steal personal data. If a website does not use HTTPS, it may indicate a potential scam;
  3. Enhances Security on Public Wi-Fi: Free Wi-Fi at locations such as cafés, airports, and hotels can expose data to attackers. HTTPS helps secure online activity even on unsecured networks; and
  4. Browser Warnings Indicate a Risk: When a browser displays a message such as “This site is not secure,” it means that any data shared could be vulnerable to threats. These warnings should not be ignored.

How to Tell if a Website is Secure (HTTPS Encryption):

  1. Look for the Padlock Icon 🔒 – A secure website will display a padlock icon next to the web address (URL) in the browser’s address bar. This indicates that the connection is encrypted and helps protect transmitted data.
    1. ✅ Locked Padlock: The website is secure, and your data is protected.
    2. ⚠️ No Padlock or Warning Symbol: The site may not be safe, and your data could be at risk.
  • Check the Website Address (URL) – A secure website’s address begins with “https://”, while an unsecured one starts with “http://” (missing the “s” for security). Websites without HTTPS may expose sensitive information to potential threats. ✅ “https://example.com” – Secure ❌ “http://example.com” – Not Secure
  • Click on the Padlock for More Information – Selecting the padlock icon reveals details about the website’s security certificate. This certificate verifies that the website is legitimate and encrypts data to prevent unauthorized access.
  • Watch for Fake or Suspicious Websites – Some fraudulent websites attempt to appear secure but are designed to steal personal information (phishing attacks). Warning signs include misspelled website names, unusual URLs, or requests for sensitive data.
  • Pay Attention to Browser Warnings – Modern browsers display security alerts when a website lacks proper encryption. If a warning appears stating that a site is not secure, it is recommended to exit immediately and avoid sharing any personal details.

Checking for HTTPS, reviewing security indicators, and being cautious of suspicious websites can help prevent data theft and online fraud. If a website lacks proper encryption or triggers a security warning, it is best to leave the site and avoid entering sensitive information.

RECOMMENDATION

            The public is advised to follow these tips to avoid being a victim of fake HTTPS website attacks:

  • Use a Reputable Web Security Extension – Security browser extensions can help detect and block malicious websites, even if they use HTTPS;
  • Enable Two-Factor Authentication (2FA) – Even if login credentials are stolen, 2FA provides an additional security layer to prevent unauthorized access; and
  • Regularly Update Browsers and Security Software – Keeping software up to date helps protect against vulnerabilities that attackers might exploit to intercept HTTPS traffic.

For additional information, please refer to the following websites:

  • https://www.cloudflare.com/en-gb/learning/ssl/what-is-https/
  • https://transparencyreport.google.com/https/overview?hl=en
  • https://https.cio.gov/faq/

POINT OF CONTACT

Please contact PLTCOL JERRY V EMPIZO, Officer-In-Charge, Cyber Security Unit, thru e-mail address csradacgroup@gmail.com or contact us by telephone number (632) 723-0401 local 7488 for any inquiries related to this CYBER SECURITY BULLETIN.

Views: 0