I’ve never come across a survey that confirms what I’m about to say, but I suspect the vast majority of people who see a padlock and “https:” in a website address believe the website they are currently visiting is trustworthy and safe. After all, it stands to reason that the “s” stands for “secure,” particularly given the added presence of a padlock. Upon seeing it, most will conclude the website is legitimate and thus safe for the submission of payment or other sensitive personal information.
Here’s what most folks don’t know. Yes, that small “s” does stand for secure, but that doesn’t mean the website is trustworthy and safe. All it means is the data stream is encrypted. This is an important distinction that everyone in your firm needs to be aware of. Here’s why. When cybercriminals set up phishing websites, which are websites that mimic reputable websites, they routinely take the time to set them up as secure websites, which means when someone visits the rogue website, they will see an “s” after “http” in the website’s address.
Why would cybercriminals do this? As I often like to say, think about it. If someone is trying to steal the login credentials to your bank account, the presence of that little “s” in the website address lends credibility to the fake website. It’s about trying to build trust, which they hope will translate to an increased frequency of victims falling prey to the phishing attack. In addition, their use of encryption ensures that any effort to monitor the data stream for potential threats is going to be far more difficult.
Now that you know, take the time to make sure everyone in your firm knows as well because all it takes for the login credentials to your firm’s IOLTA account to be shared with the wrong person is one mistaken belief. Trust me. The ever-evolving level of sophistication of phishing attacks coupled with the targeting of specific individuals means it’s only a matter of time before knowing the above could make all the difference in the world.