The following describes in detail how to recognize a secure internet connection for Internet Explorer, Google Chrome, Firefox Mozilla, Apple Safari, and Opera. If you have any questions regarding other proprietary web browsers and how to identify a secure internet connection on them, or If you think someone is impersonating CA Lending®, or believe you have been the victim of a car loan fraud or attempted car loan fraud through telephone, mail or e-mail, contact us immediately at 1.855.888.LEND (5363) or e-mail us at firstname.lastname@example.org
The certificate that is used to encrypt the connection also contains information about the identity of the website owner or organization. You can click the lock to view the identity of the website.
When you visit a website that uses a secure connection, the color of the Security Status bar tells you whether the certificate is valid, and it displays the level of validation that was performed by the certifying organization.
The following table describes what the Security Status bar colors mean.
|Color||What it means|
|Red||The certificate is out of date, invalid, or has an error. For more information, see “About Certificate Errors” in Related Topics.|
|Yellow||The authenticity of the certificate or certification authority that issued it cannot be verified. This might indicate a problem with the certification authority’s website.|
|White||The certificate has normal validation. This means that communication between your browser and the website is encrypted. The certification authority makes no assertion about the business practices of the website.|
|Green||The certificate uses extended validation. This means that communication between your browser and website is encrypted and that the certification authority has confirmed the website is owned or operated by a business that is legally organized under the jurisdiction shown in the certificate and on the Security Status bar. The certification authority makes no assertion about the business practices of the website.|
When you connect to a website, Google Chrome can show you details about your connection and alert you if it’s unable to establish a fully secure connection with the site.
See if the site is using a secure connection (SSL)
If you’re entering sensitive personal information on a page, look for a lock icon to the left of the site’s URL in the address bar to see if the site uses SSL. SSL is a protocol that provides an encrypted tunnel between your computer and the site you’re viewing. Sites can use SSL to prevent third parties from interfering with the information traveling through the tunnel.
|Icon||What it means|
|The site isn’t using SSL. Most sites don’t need to use SSL because they don’t handle sensitive information. Avoid entering sensitive information, such as usernames and passwords, on the page.|
|Google Chrome has successfully established a secure connection with the site.Look for this icon and make sure the URL has the correct domain, if you’re required to log in to the site or enter sensitive information on the page.If a site uses an Extended Validation SSL (EV-SSL) certificate, the organization’s name also appears next to the icon in green text.|
|The site uses SSL, but Google Chrome has detected insecure content on the page. Be careful if you’re entering sensitive information on this page. Insecure content can provide a loophole for someone to change the look of the page.|
|The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.|
SSL warning messages
You might get a warning message when Chrome detects the site you’re visiting might be harmful to your computer.
|Warning message||What it means|
|This is probably not the site you are looking for!||This message appears when the URL listed in the site’s certificate doesn’t match the site’s actual URL. The site you’re trying to visit may be pretending to be another site.|
|The site’s security certificate is not trusted!||This message appears if the certificate wasn’t issued by a recognized third-party organization. Since anyone can create a certificate, Google Chrome checks to see whether a site’s certificate came from a trusted organization.|
|The site’s security certificate has expired!
The server’s security certificate is not yet valid!
|These messages appear if the site’s certificate is not up-to-date. Therefore, Google Chrome can’t verify that the site is secure.|
|The server’s security certificate is revoked!||This message appears if the third-party organization that issued the site’s certificate has marked the certificate as invalid. Therefore, Google Chrome can’t verify that the site is secure.|
See more details about the site
Click the icon or the lock icon to see even more details about the site’s identity, your connection, and your visit history for the site.
Sites using SSL present security certificates to the browser to verify their identity. Anyone can set up a website pretending to be another site, but only the real site possesses a valid security certificate for the URL you’re trying to reach. Invalid certificates could indicate that someone is attempting to tamper with your connection to the site.
|Icon||What it means|
|The site’s certificate is valid and its identity has been verified by a trusted third-party authority.|
|The site has not provided the browser with a certificate. This is normal for regular HTTP sites (look for the icon in the address bar), because certificates are usually provided only if the site uses SSL.|
|Google Chrome has detected problems with the site’s certificate. You should proceed with caution because the site may be pretending to be another site in order to trick you into sharing personal or other sensitive information with them.|
Your connection to the site
Google Chrome lets you know whether your connection is fully encrypted. If your connection is insecure, third parties might be able to view or tamper with the information you provide on the site.
|Icon||What it means|
|Google Chrome has successfully established a secure connection with the site you’re viewing.|
|Your connection to the site is not encrypted. This is normal for regular HTTP sites (look for the icon in the address bar).|
|Your connection to the site is encrypted, but Google Chrome has detected mixed content on the page. Be careful if you’re entering information on this page. Mixed content can provide a loophole for someone to manipulate the page. This content could be third-party images or ads embedded on the page.|
|Your connection to the site is encrypted, but Google Chrome has detected mixed scripting on the page. Be careful if you’re entering personal information on this page. Mixed scripting can provide a loophole for someone to take over the page. This content could be third-party scripts or videos embedded on the page.If you’re connected to the Internet via a public wireless network, mixed scripting is especially risky because wireless networks are easier to tamper with than wired networks.|
This will show if you’ve ever visited the site before. However, if you’ve cleared cache and cookies, the visited history is also cleared
|Icon||What it means|
|You’ve visited the site before, so chances are you trust this site.|
|You’ve never visited this site before. This message is normal if you know this is true. However, if the site looks familiar and you didn’t clear your browsing history recently, it may be pretending to be another site. Please proceed with caution.|
The Site Identity Button is a Firefox security feature that gives you more information about the sites you visit. Using the Site Identity Button, you can find out if the website you are viewing is encrypted, if it is verified, who owns the website, and who verified it. This should help you avoid malicious websites that are trying to get you to provide important information.
The Site Identity Button is in the Location bar to the left of the web address.
When viewing a website, the Site Identity Button will display in one of three colors – gray, blue, or green. Clicking on the Site Identity Button will display security information about the website, with a matching gray, blue, or green “Passport Officer” icon.
Gray – No identity information
When the Site Identity button is gray, that indicates that the site doesn’t provide any identity information at all. Also, the connection between Firefox and the server is either unencrypted or only partially encrypted, and should not be considered safe against possible eavesdroppers.
Most websites will have the gray button, because they don’t involve passing sensitive information back and forth and do not really need to have verified identities or encrypted connections. For sites that don’t require any personal information, a lack of identity information is fine.
Blue – Basic identity information
When the Site Identity button is blue, that indicates that the site’s domain has been verified, and the connection between Firefox and the server is encrypted and therefore protected against eavesdroppers.
When a domain has been verified, it means that the people who are running the site have bought a certificate proving that they own the domain and it is not being spoofed. For example, the TD Canada Trust website has this sort of certificate and an encrypted connection, so the Site Identity Button displays as blue. When you click on the Site Identity Button, it tells you that the easywebcpo.td.com site is verified to be part of td.com, as certified by VeriSign Inc. It also assures you that the connection is encrypted so no one can eavesdrop on the connection and steal your bank login information that way.
However, it is not verified who actually owns the domain in question. There is no guarantee that td.com is actually owned by the Toronto Dominion Bank. The only things that are guaranteed is that the domain is a valid domain, and that the connection to it is encrypted.
If you are still leery about a site’s identity when the Site Identity Button is blue, you can see more information about the site by clicking the More Information… button on the Site Identification dialog. This will open the Security panel of the Page Info window, where you can view the site’s identity certificate, see if you’ve visited the site before, and if you have any cookies or passwords stored for the site.
Green – Complete identity information
When the Site Identity button is green, that indicates that the site provides fully verified identity information about its owner, and that the connection is encrypted.
If a site makes the Site Identity Button turn green, it means that it is using a new Extended Validation (EV) certificate. An EV certificate is a special type of site certificate that requires a significantly more rigorous identity verification process than other types of certificates. While the blue Site Identity Button indicates that a site uses a secure connection, the green Site Identity Button indicates that the connection is secure and that the owners of the domain are who you would expect them to be.
With the EV certificate, the Site Identity Button assures you that paypal.com is owned by Paypal Inc., for example. Not only does the Site Identity Button turn green on the Paypal site, it also expands and displays the name of the owner in the button itself. The Site Identification dialog contains further information.
Make sure the website’s address begins with “https” (instead of “http”).
How to use Fraud and Malware Protection information
With Opera Fraud and Malware Protection enabled, every webpage you request is subjected to phishing and malware filters. The security status of the page is displayed in a security badge in the address field.
A maximally secure site has the following features:
- Its encryption level should be good enough to protect the traffic between you and the website, so that a third party listening in will not be able to see the data that is transferred. This is indicated by a padlock .
- It should have a valid security certificate, which provides some assurance that you have reached the intended website and not some impostor.
The table below describes the security badges used in the Opera browser:
|Maximally secure site, with Extended Validation (EV), where the identity of the owners of the website have been thoroughly verified|
|Secure site, where the credentials of the site owner have been checked|
|Normal site, or a site where there are problems with encryption, or where information is not available to enable verification|
|File or folder on your computer|
|Site that has been listed as a known fraudulent site|
|Site that has been listed as a known malware site|
If a website is found on lists of known, suspicious sites, a warning page may display before the page is shown. You decide whether to visit the questionable website, to return safely to the browser home page, or to read additional information about the status of the page. If you open a phishing or malware page, it will be marked with a red “Fraud Site” or “Malware site” indicator, as shown in the table above.
Summary and detailed security information
To display summary security information, click the security badge. For more detailed security information, including information about the website’s certificate, click the Details button. In the resulting dialog, you can also report a site as suspicious, or enable/disable Fraud and Malware Protection.