macOS High Sierra

Avoid fraud by using encrypted websites

When you visit an encrypted webpage—for instance, to do online banking—Safari checks if the website’s certificate is legitimate. If it’s not, Safari displays a warning message.

Encrypted websites mask the data you exchange with them, so that only you and they can see it. It’s important to use encrypted websites to prevent anyone from “eavesdropping” on you.

Safari can also warn you about dangerous websites that have been reported as deceptive, malicious, or harmful. When you encounter a warning, it’s recommended that you do not visit the website.

Deceptive websites may attempt to trick you into installing dangerous software that can harm your computer, redirect your browsing, or steal your personal information (such as your user names and passwords). Many websites pretend to be legitimate businesses or government agencies, such as your bank, email service provider, or the IRS.

Determine whether a website is encrypted

  • Look for an encryption icon in the Smart Search field. An encryption icon indicates that the website uses the HTTPS protocol, has a digital identity certificate, and encrypts information. To view the website’s certificate, click the icon.

    • A gray icon indicates a standard certificate.

      The encryption icon (looks like a lock) for a site with a standard certificate.

    • A green icon indicates an EV certificate (more extensive identity verification), and shows the name of the EV certificate owner.

      The encryption icon (looks like a lock) for a site with an Extended Validation certificate.

If a website doesn’t have an encryption icon, go back to the page where you logged in and check for a link to another version of the site that’s encrypted—for example, “Use our secure site.” If available, use it, even if you don’t expect to view or provide private information.

Respond to a certificate warning

  • Click Show Certificate, then review the certificate content.

    If a certificate includes a message that the certificate isn’t trusted, or was signed by an untrusted issuer, or the name and organization aren’t the same as the website owner, click Cancel.

    If you continue to the website, verify the address in the Safari toolbar to confirm it’s correct. Some fraudulent websites masquerade as trusted websites by changing one or two letters of the website address. The certificate is stored on your computer. You can change the certificate’s trust settings later using Keychain Access.

  • Contact the website owner or administrator and ask why their site causes a certificate warning. For example, they may say the site is only accessible within your organization, so it has a self-signed certificate (one not provided by a certificate authority). You have to decide whether to trust the site anyway or not visit it.
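
The address check described above (fraudulent sites that change one or two letters of a trusted address) can also be automated. The following Python sketch is an added example, not part of the original help page; the TRUSTED_HOSTS list, the function names, and the sample addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites you actually do business with.
TRUSTED_HOSTS = {"example-bank.com", "mail.example.org"}


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a letter
                           cur[j - 1] + 1,             # add a letter
                           prev[j - 1] + (ca != cb)))  # swap a letter
        prev = cur
    return prev[-1]


def classify_address(url, trusted=TRUSTED_HOSTS, max_changes=2):
    """Return (verdict, trusted_host_or_None) for the address in the toolbar."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return ("invalid", None)
    if host in trusted:
        # Right name, but only HTTPS gives the encryption the page describes.
        if parts.scheme == "https":
            return ("match", host)
        return ("match-not-encrypted", host)
    # A host one or two letters away from a trusted name is a likely imitation.
    for good in sorted(trusted):
        if edit_distance(host, good) <= max_changes:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ("https://www.example-bank.com/login",
                   "http://example-bank.com/",
                   "https://examp1e-bank.com/login",
                   "https://news.example.net/"):
        print(sample, "->", classify_address(sample))
```

A "lookalike" verdict means the address is close to, but not the same as, a site on the list, which is the situation the step above tells you to watch for.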

Respond to a fraudulent website warning

  • If Safari displays a warning about a deceptive, malicious, or potentially harmful website, don’t visit the site.