Update: November 2018
When this message first began circulating, it offered timely advice designed to help many Internet users avoid compromising their security online. The message first began circulating around a decade ago.
Although the Internet landscape has changed considerably in the intervening years, the base information provided in the message is still correct and worth heeding.
But, do keep in mind that it is now much more likely that even ordinary websites will be secure (HTTPS). And non-secure sites are now much more likely to be flagged as potentially unsafe than they were back in 2009.
In fact, search engine giant Google is increasingly pushing website owners and managers to install SSL certificates if they have not already done so. All HTTP sites are now flagged as non-secure in the Google Chrome browser. In due course, virtually all websites will likely be secure, even those that do not collect any sensitive information from visitors.
Unfortunately, even if a site address does display HTTPS, it might still be a scam or phishing web page. It is important to keep in mind that phishing scam sites may also be secure. It is now quite easy for web developers, both legitimate and criminal, to create secure websites at no extra cost. So, online criminals are now more commonly creating scam websites that are secure and display the familiar padlock.
But, with those factors considered, the claims in the old message are still valid and valuable.
Original 2009 Report
The message outlines in plain English the difference between the HTTP and HTTPS protocols. It explains why it is important to ensure that a web page is using the secure https protocol before providing your personal and financial information.
The Hypertext Transfer Protocol (HTTP) is a system that allows the transmitting and receiving of information across the Internet. Http allows information, such as the text you are reading right now, to be accessed from the server by your web browser. While http allows for the quick and easy transmission of information it is not secure and it is possible for a third party to “listen in” to the “conversation” between servers and clients.
If a website is one that needs to collect private information such as credit card numbers, then a more secure protocol is an important prerequisite. For example, purchasing a product or service online or using Internet banking, it is vital that the exchange of information between clients and servers cannot be easily harvested by third parties. Thus, the HTTPS (secure HTTP) protocol was developed to allow the authorisation of users and secure transactions.
But certainly, if you are required to provide sensitive personal or financial information on a web page, always ensure that the web address starts with https not just http. Knowing the difference between HTTP and HTTPS can certainly help web users keep their information secure.
For example, if a webpage, such as an Internet banking login page, that should be secure, uses HTTP rather than HTTPS in its address, it may well be a “look-a-like” phishing site designed to steal financial information. A genuine financial institution website would NEVER use the unsecure HTTP protocol on any pages that require customers to provide personal or financial information.
Example:(Submitted, January 2009)
Subject: FW: Difference between http & https (no joke)
Don’t know how many are aware of this difference, but worth sending to any that do not…… What is the difference between http and https
FIRST, MANY PEOPLE ARE UNAWARE OF
**The main difference between http:// and https:// is It’s all about keeping you secure** HTTP stands for Hyper Text Transport Protocol,
Which is just a fancy way of saying it’s a protocol (a language, in a manner of speaking) For information to be passed back and forth between web servers and clients. The important thing is the letter S which makes the difference between HTTP and HTTPS.
The S (big surprise) stands for “Secure”. If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://.
This means that the website is talking to your browser using the regular ‘unsecure’ language. In other words, it is possible for someone to “eavesdrop” on your computer’s conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.
This is why you never ever enter your credit card number in an http website! But if the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on.
You understand why this is so important, right?
If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://.
If it doesn’t, there’s no way you’re going to enter sensitive information like a credit card number.
PASS IT ON (You may save someone a lot of grief).