Safari 6 (OS X Mountain Lion): Identify secure websites and avoid frauds
When you use a website that handles private or financial information, make sure the website is encrypted.
When you go to an encrypted webpage—for instance, to do online banking—Safari checks the website’s certificate and compares it with certificates that are known to be legitimate. If Safari doesn’t recognize the website’s certificate, or if the website doesn’t have one, Safari displays a warning message.
Safari also checks lists of fraudulent websites that have been identified by security services. If you attempt to visit one of these websites, Safari displays a warning message.
Look for a Security button
A Security button near the left end of the address and search field means that the website uses the HTTPS protocol and has a digital identity certificate. Information is encrypted to keep it private as it’s sent to or from the website.
The Security button, which has a lock icon inside it, can be gray or green.
- A gray Security button means the website has a standard certificate.
- A green Security button means the website has an Extended Validation (EV) certificate, which requires more extensive identity verification than a standard certificate. A green Security button shows the name of the EV certificate owner.
To view the contents of a website’s certificate, click the Security button.
Use a secure connection, if available
If a Security button isn’t shown for a website, you may have been given a choice between a secure and an insecure connection when logging in to the site. Go back to the page where you logged in and check for a link to an encrypted (or secure) login. Even if you don’t plan to view private information, it’s best to use an encrypted login whenever possible to ensure that your login information and any other information you send are private.
How to respond to a certificate warning
- Click Show Certificate, and inspect the certificate for suspicious information.
  Look for a message that says the certificate is not trusted, or was signed by an untrusted issuer. If you see a message like that, click Cancel, and do not go to the website.
  Click the triangle next to the word “Details.” Check to make sure that the name and organization match those of the person or organization that owns the website. If anything looks unusual or is not what you expect, click Cancel, and do not go to the website.
  If you continue to the website, double-check the address in the Safari toolbar to confirm that it is the correct address for the page you want to visit. The name of the website should be spelled correctly. Sometimes fraudulent websites masquerade as trusted websites by changing one or two letters of the trusted website’s address.
- Contact the administrator of the website, explain the problem, and request more information.
If you continue, the certificate is stored on your computer, and this warning isn’t displayed again for this website until you quit and restart Safari. If you like, you can change the trust settings for the certificate later, using Keychain Access.
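The address check described above, where a fraudulent site changes one or two letters of a trusted website's address, can also be done programmatically. The following Python sketch is an added example and is not part of the original Apple article; the trusted host list and sample addresses are constructed, and the two-change threshold is an assumption taken from the "one or two letters" wording.

```python
# Added example: flag addresses that differ from a trusted hostname by one or
# two letters. TRUSTED_HOSTS and every sample hostname below are constructed.
TRUSTED_HOSTS = ["www.example-bank.com", "login.example.org"]

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            # Two adjacent letters swapped counts as a single change.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[rows - 1][cols - 1]

def normalize(host):
    # Hostnames are case-insensitive; a trailing dot names the same host.
    return host.strip().lower().rstrip(".")

def check_address(host, trusted=TRUSTED_HOSTS, max_changes=2):
    """Return (verdict, nearest_trusted_host, distance).

    verdict is 'match' (exactly a trusted host), 'lookalike' (within
    max_changes edits of a trusted host) or 'unknown' (not close to any).
    """
    host = normalize(host)
    nearest, best = None, None
    for candidate in trusted:
        dist = edit_distance(host, normalize(candidate))
        if best is None or dist < best:
            nearest, best = candidate, dist
    if best == 0:
        return ("match", nearest, 0)
    if best is not None and best <= max_changes:
        return ("lookalike", nearest, best)
    return ("unknown", None, best)

if __name__ == "__main__":
    for sample in ["www.example-bank.com", "www.examp1e-bank.com",
                   "www.exmaple-bank.com", "www.unrelated-site.net"]:
        print(sample, "->", check_address(sample))
```

A "lookalike" verdict means the address is close to, but not the same as, a trusted one, which is the case where you should click Cancel rather than continue.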
How to respond to a warning that a website is fraudulent
If Safari warns you that a website is fraudulent, do not visit that site. If you think the warning message is in error, contact the administrator or owner of the website for information. Never provide secure or personal information at a website unless you are confident that it is secure.