What to do when your browser warns you about an unsafe website

Have you ever encountered a warning from your browser stating that you are trying to access an unsafe website? Discover how to handle these warnings and make informed decisions when browsing the web.

InSpain.news highlights many online scams and provides many tips on maintaining internet security. When navigating the internet, you may occasionally come across warning messages when visiting certain websites on your devices. One such message you might encounter is “Your connection is not private.” This warning can be a cause for concern. However, it doesn’t necessarily mean you are dealing with a malicious or fraudulent website. In this article, we will explore why this message appears and what actions you should take depending on the situation.

Understanding “Your connection is not private”

When you see this message in your browser, it means that the website you are trying to access has not established a secure connection through a valid SSL/TLS certificate. These certificates are essential for encrypting the communication between your browser and the website, acting like a digital lock that ensures your data travels securely across the internet. This is crucial because when you visit a website, your browser and that site exchange information, such as passwords, personal data, and credit card numbers, to name a few examples. Therefore, when you see the message “Your connection is not private,” your browser is warning you to exercise caution because the information you send to the website may not be protected.

Why does this message appear?

When browsing the internet, you can encounter this message even on well-known and legitimate websites. This warning can stem from various reasons, primarily due to issues with the website’s security certificate, such as:

1. An expired certificate.
2. An invalid certificate.
3. A misconfigured certificate.
4. A certificate issued or generated by an unrecognised Certificate Authority (CA) by the browser, which could be either legitimate (e.g., issued by a state public entity for a government website) or fraudulent (e.g., created by a cybercriminal for malicious websites).

As a result, you may see the initial message even when accessing legitimate government websites. Likewise, if you are accessing a fraudulent website with a certificate exhibiting any of the above characteristics, you may also encounter this warning.

How can you determine if the website is legitimate or malicious?

When should you disregard or consider this warning? Firstly, it’s important to note that the use of “http” instead of “https” in a website’s address does not automatically indicate malicious intent. Conversely, a website starting with “https” does not necessarily guarantee its safety. As mentioned earlier, cybercriminals may use a certificate for their fraudulent website to give it greater credibility in the eyes of unsuspecting or trusting users. However, there are some signs and best practices you can follow to assess whether a website is legitimate or potentially malicious. The OSI (Oficina de Seguridad del Internauta) has provided the following guidelines:

Examine the entire URL:

Ensure that the web address is consistent with the legitimate site you expect to visit. Fake websites often have URLs that appear similar to legitimate ones but with subtle differences, such as replacing a word or character.

Exercise caution with unsolicited links:

If you receive a link via email, text message, or social media from an unknown or unexpected source, be cautious about clicking on it. Social engineering campaigns often use links to redirect users to fake websites.

Confirm legitimacy from trusted sources:

If you have doubts about a website’s authenticity, seek additional information from trusted sources. You can search for the company or entity’s website separately using a reputable search engine or verify its authenticity through official communication channels, such as phone numbers or physical offices.

Use URL analysis tools:

Employ URL analysis tools to assess whether a website is trustworthy or potentially malicious.

After conducting these checks, only proceed to click on the underlined option in the browser’s warning message (“Access URL (unsafe site)”) when you are confident that it is the official website. In case of doubts, it’s better to avoid continuing navigation on the website in question.

Tips for maintaining internet security

In addition to the aforementioned recommendations, consider applying the following tips to keep yourself protected while browsing the web:

Keep your device software updated:

Ensure that your operating system, browsers, and installed programs are always up to date. These updates often include important security fixes that safeguard your devices.

Use antivirus software:

Install and keep reliable antivirus software up to date on your device. This will help detect and prevent potential threats that could compromise your devices and the information they contain.

Exercise Caution on Public Networks:

Avoid conducting financial transactions or sharing sensitive information while connected to public or open networks. If necessary, use a VPN to secure your connection or rely on your mobile phone’s data.

Stay Informed About Cybersecurity:

Stay informed about the latest threats and cybersecurity best practices by configuring your devices and online privacy optimally. Consider subscribing to the OSI security newsletters (in Spanish).

Also read:

Law enforcement conference on data protection