Should you trust a website with HTTPS?

There seems to be a lot of confusion around how to figure out if a website is safe and one thing that seems to come up is whether HTTPS means the website can be trusted. Let’s take a look at HTTPS and what it means.

Definition of HTTPS: Hypertext Transfer Protocol Secure

Here is what HTTPS means: the connection between your device and the web server is secure.

HTTPS does NOT mean: that the person or company who owns the website (domain) can be trusted.

The truth is that even if a website is on HTTPS, it may not be trust worthy.

For example a bad company (let’s call it Evil Corp) trying to steal your personal banking information can have a website (for example the domain evil-corp.com) and enable HTTPS on their server.

So you would still see something like https://evil-corp.com in your web browser when you visit the site, but that just means that the communication between your device and their web server is secured (evident from the definition of HTTPS which says that it is just a secure transfer protocol).

A website with HTTPS does not imply that Evil Corp can be trusted!

So next time you see a website and want to figure out if you can trust it, it is necessary to make sure that the web domain is owned by the company that you intend to interact with. (For example, I know Google owns the domain https://google.com, so I can trust this website)

Never provide sensitive information like banking details, phone numbers or OTPs to anyone even if they claim to be the bank.

Happy and Safe browsing!