Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.

For example, the official U.S. Census Bureau website https://my2020census.gov carries a message that reads, "An official Web site of the United States government. Here's how you know." Clicking the last part of that statement brings up a panel with the following information:

[Image: A message displayed at the top of many U.S. .gov Web sites.]

The text I have a beef with is the bit on the right, beneath the "This site is secure" statement. Specifically, it says, "The https:// ensures that you are connecting to the official website…."

Here's the deal: The https:// part of an address (also called "Secure Sockets Layer" or SSL) merely signifies the data being transmitted back and forth between your browser and the site is encrypted and cannot be read by third parties. However, the presence of "https://" or a padlock in the browser address bar does not mean the site is legitimate, nor is it any proof the site has been security-hardened against intrusion from hackers.

In other words, while readers should never transmit sensitive information to a site that does not use https://, the presence of this security…
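The distinction drawn above, as an added example that is not part of the original article: the scheme of a URL and the name of the host it points to are two separate facts, and a check on one says nothing about the other. The function name `assessUrl`, the sample URLs, and the assumption that a hostname ending in `.gov` is the identity signal for an official site are all constructed for illustration.

```javascript
// Added example: reports "transport is encrypted" and "host is under .gov"
// as two independent results instead of one combined "secure" verdict.
// Assumption: a hostname ending in ".gov" is the identity signal.

function assessUrl(input) {
  let url;
  try {
    url = new URL(input); // WHATWG parser, the same rules browsers apply
  } catch (err) {
    return { encrypted: false, govHost: false, host: null, note: "not a valid URL" };
  }
  // The parser lowercases the host and separates any userinfo before "@".
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const encrypted = url.protocol === "https:";
  // Only the rightmost label counts; "gov" elsewhere in the name means nothing.
  const govHost = host.endsWith(".gov");

  let note;
  if (encrypted && govHost) note = "encrypted transport to a .gov host";
  else if (encrypted) note = "encrypted transport, but host is not under .gov";
  else if (govHost) note = ".gov host, but transport is not encrypted";
  else note = "neither encrypted nor a .gov host";
  return { encrypted, govHost, host, note };
}

// Constructed sample URLs; the example.* hosts are reserved placeholder names.
const samples = [
  "https://my2020census.gov/",
  "http://my2020census.gov/",
  "https://my2020census.gov.example.com/",
  "https://my2020census.gov@example.net/",
  "https://my2020census-gov.example.org/",
];

for (const s of samples) {
  const r = assessUrl(s);
  console.log(`${s}\n  host=${r.host} -> ${r.note}`);
}
```

Neither result says anything about whether the site behind the name has been hardened against intrusion.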
