Surfing the internet is one of the most common operations we perform , and we have now learned that this implicitly exposes us to a series of risks. To protect ourselves, we rely on browsers, not only web access doors , but real bulwarks of our digital identity.
These programs (sorry, applications ) warn us, among many other things, even if we are about to visit an unsafe site, i.e. a site that does not contains a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) certificate. These protocols confirm the identity of the site and verify that the data we exchange is protected , and we can check its existence thanks to the wording “HTTPS” in the front of site link .
But what happens if we find ourselves in this situation , and how should we behave?
First of all, we must always keep in mind that the safety certification does not guarantee that a site is not harmful , so you must always keep a good dose of skepticism and attention . But let's go back to the case where our browser tells us that a site is not safe.
- in case of sites that we know well , it could be due to a safety certificate just expired or a mismatch between the URL entered and the name associated with the certificate, as indicated by the message NET :: ERR_CERT_COMMON_NAME_INVALID
- if we clicked on a link in an email from a sender we don't know.
- when browsing on a public network , for example at the bar or at the airport. These networks are susceptible to man-in-the-middle attacks by people on the local network. These attacks occur when a attacker tricks the device we are using into thinking that their computer is the real access point to the network, hijacking the Wi-Fi connection to their device. In this way we will provide you with access to our Internet traffic and the data we exchange with it. In this case it is very important that the sites use the HTTPS protocol.
- if the site is not that what we think
Visiting websites that do not have adequate encryption can put you at risk for a number of cyber threats.
- the aforementioned man -in-the-middle , which is particularly dangerous when visiting e-commerce sites , where information such as address and credit card number is entered. Once intercepted, this information can facilitate identity theft, as well as the theft of money.
- attacks ransomware , which can occur when a user visits an infected site that secretly downloads malware on your device. Malware allows attackers to hold users' files hostage until they pay a ransom
- phishing attacks, where attackers mimic a trusted site to trick users into sharing financial information or other sensitive information. In this case, the “Connection not private” message is triggered because the site certificate is not authentic. If a user types in their bank's URL and sees this message, something went wrong because the bank's website definitely has a working certificate.
- always make sure to enter the address by hand .
- we do not click on links with unknown content or of unclear provenance
- if we are sure that the site has the security certificate, you can try restart the computer , clear the cache or switch to a private Wi-Fi connection to see if the error persists.
- if we are sure that the site is safe because we know it , you can select “ Advanced ” in the error window and then click the link to proceed to the website . Be careful to enter personal information, from passwords to addresses, as they will not be protected.
