Arnold, CA…As Google and other web infrastructure companies increasingly want all web traffic over encrypted or Https connections a disturbing trend has been emerging. According to data from phishlabs.com 49% or almost half of all phishing or malware sites now use encryption. This can lull you into a false sense of security as they have the security padlock in the address bar and are not flagged in the browser as “Not Secure”. So make sure that even though you are on a website that has a padlock that it is actually the site you were intending to visit. Just because an email says it is from a bank, shopping site or financial institution does not mean it actually is.

On ThePineTree.net we still route our traffic over plain old http as we do not collect any usernames, passwords, email addresses or any data that may be of use to third parties. Our theory is what hasn’t been collected can’t be stolen. At some point we will have to convert to https as well but we thought it was worth warning readers that even though a site say it is secure doesn’t mean it isn’t being maintained for fraudulent purposes.

If you look at many of the largest security breaches it has been through human engineering or phishing attacks where people voluntarily gave their info to fake or spoof sites.

So be extra careful this season and look in the address bar of your computer or phone to make sure before you put in your credit card info it is actually the site you were intending to visit.

One ruse that can be use by hackers is to use url shortening services to provide a shortened, friendly looking url that is actually masking the fact that they are sending you to a phishing or fraudulent site.