Safari 8 (Yosemite): Identify encrypted websites and avoid fraud

This article has been archived and is no longer updated by Apple.
Identify encrypted websites and avoid fraud
Identify encrypted websites and avoid fraud using Safari

When you visit an encrypted webpage—for instance, to do online banking—Safari checks if the website’s certificate is legitimate. If it’s not, Safari displays a warning message.

Safari can also warn you if the site you are visiting is a suspected phishing website. Phishing is a fraudulent attempt to steal your personal information, such as user names, passwords, and other account information. A fraudulent website masquerades as a legitimate one, such as a bank, financial institution, or email service provider.

Determine whether a website is encrypted

Look for an encryption icon in the address and search field. An encryption icon indicates that the website uses the HTTPS protocol, has a digital identity certificate, and encrypts information. To view the website’s certificate, click the icon.

  • A gray icon indicates a standard certificate.

    “Security” button for a site with a standard certificate
  • A green icon indicates an EV certificate (more extensive identity verification), and shows the name of the EV certificate owner.

    “Security” button for a site with an Extended Validation certificate

If a website doesn’t have an encryption icon, go back to the page where you logged in and check for a link to another version of the site that’s encrypted—for example, “Use our secure site.” If available, use it, even if you don’t expect to view or provide private information.

Respond to a certificate warning

Click Show Certificate, then review the certificate content.

If a certificate includes a message that the certificate isn’t trusted, or was signed by an untrusted issuer, or the name and organization aren’t the same as the website owner, click Cancel.

If you continue to the website, verify the address in the Safari toolbar to confirm it’s correct. Some fraudulent websites masquerade as trusted websites by changing one or two letters of the website address. The certificate is stored on your computer.

Contact the website owner or administrator and ask why their site causes a certificate warning. For example, they may say the site is only accessible within your organization, so it has a self-signed certificate (one not provided by a certificate authority). You have to decide whether to trust the site anyway or not visit it.

Respond to a fraudulent website warning

If Safari displays a warning about a fraudulent website, don’t visit the site. Contact the administrator or owner of the website for information.

Published Date: Sep 15, 2017