Information Security Tips from Westfield Insurance

Have you ever gone to a secure (https://) web site before and gotten an “invalid certificate”?

The purpose for these warnings is to tell you that there is a problem with this Web site's security certificate. which should cause you to stop and take notice. According to a recent Carnegie Melon University study, there’s a good chance you’ll ignore it and click through anyways.

 In a laboratory experiment, researchers found that more than 55% ignored the certificate warning. The experiment started with an online survey of over 400 Web surfers. Then 100 people were brought in and were studied on how they surfed.

 What the experiment uncovered was that people had a mixed-up understanding of the warnings. Many thought these warnings meant they could ignore the messages when going to a site they trusted and should only be concerned when a less-trustworthy site was being visited.

 Often these warnings relate to a technical problem on the web site, but it can also mean that you’re being redirected to a fake Web site. If you were attempting to get to your online banking and received a certificate warning, it could be an attempt to transfer you to a fake site to steal your bank access credentials.

 So what should you do? Well, the best thing to do if you get a certificate warning is to read the message. If the site you’re going to is your online banking or other site that requires credentials, call the company and ask them about the warning. A phone call could save you from a potential mistake.

 The complete article can be read @ http://www.techworld.com/security/news/index.cfm?newsid=119829