Does an SSL certificate mean you’re really safe?

Every cybersecurity specialist will tell us to use websites only if there is a green padlock displayed before the URL of the site. This padlock means that a website has an SSL certificate — a technology that encrypts the data in transit, making it virtually impossible for malefactors to intercept. So that’s a huge bonus for our online security. And we definitely should prefer websites with a padlock to ones without it.

However, with a dose of healthy scepticism, we can point out that even though almost every website has an SSL certificate today and Google tries to keep us away from ones without it, the amount of cybercrime hasn’t really gone down. In fact, it increases steadily, meaning that more and more of us fall victim to the malicious activity of hackers. Why does this happen? Because intercepting data is not the only instrument they use to profit from innocent users.

Why doesn’t an SSL certificate save us?

When SSL certificates were first introduced, website owners were slow to get them because they cost money and not everyone understood the necessity. Today, one can get such a certificate as a bonus with the hosting they rent or the domain they buy. So getting an SSL certificate is not an issue at all. It’s great for website owners who want to protect their users — and comply with Google’s rules, which require all sites to have a certificate.

But it also means that anyone — even hackers — can get an SSL certificate easily. This creates a problem for us, since malefactors can create an innocent-looking website that even has the green padlock that gives us greater peace of mind. The only thing that makes this site different from any other is that it will jeopardise our cyber and maybe even physical safety.

While we’re basically conditioned to feel safe once we see that green padlock, it doesn’t indicate we’re in a safe zone. We still need to stay cautious.

What can happen?

We will go through a couple of scenarios that could happen.

Scenario #1 — phishing with the goal of stealing your data

So, let’s imagine that we enter a website with an SSL certificate. It looks like a nice and safe online store but actually it’s owned by hackers.

We start looking for goods on this site and we find what we need. We put these items in the cart and proceed to the checkout — we’ve swallowed the bait malefactors prepared for us. As we complete our order, we have to provide the site with a lot of sensitive information such as our full name, email and home addresses, and even credit card data. Even though an SSL certificate encrypts your data, it doesn’t hide it from website owners.

Now all these details are in the hands of hackers. And even if our payment isn’t successful for some reason, they still have our data.

Scenario #2 — phishing with the goal of getting money from you

Same as in the previous scenario, we enter an online store to look for things. It has an SSL certificate and we feel safe browsing through it, putting items in a cart, and proceeding to the checkout. At the checkout we pay for the order online — the method doesn’t matter. And that’s it — the order is supposed to be getting processed now. But it isn’t. Because there is no online store, and our money went directly to a hacker’s pocket.

Moreover, malefactors now have our address and email, and maybe a phone number as well. And if we entered credit card details instead of using Google or Apple Pay, or PayPal, they now have our bank card info, too.

Scenario #3 — your IP address gets used

Our IP addresses are rather public. Each server — read, website — we access can see it. And it’s fine until it’s not. Imagine now that the website we access is owned by malefactors who can track our location using our IP address. Doesn’t sound nice, right? They can then use our address to blackmail us or even put our physical safety under threat.

Scenario #4 — the website is hacked

While it’s unlikely that a site with an SSL certificate will get hacked, it’s not impossible. A certificate does offer protection, but there might be other vulnerabilities on that website that hackers have exploited. So now the information we share with this site is under threat.

What can we do to protect ourselves?

It’s hard not to disclose any information during online shopping. But what can we do then?

Here are a couple of tips that will let you stay safer from malicious websites:

• Always double-check the URL. If malefactors created a site to mimic some famous online store, the URL will have something written incorrectly in it.

• Be careful about new e-commerce websites. If you never purchased from this site, try looking up some reviews or maybe articles that mention it.

• Use Google or Apple Pay, or another payment method that doesn’t need you to enter your credit card data. When you’re using one of these methods, you hide your bank card information even from the seller, thus lowering the risk of it getting stolen.

• Use the iNinja VPN app. iNinja is a free VPN for Windows, macOS, and portable devices that will hide your IP address and encrypt the data you send and receive. It’s easy to use and lightweight — iNinja won’t even cut your internet speed while keeping you safe online.
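
The URL check from the first tip can be partly automated. The sketch below is an added example, not part of the original article: it compares a hostname against a short allowlist and flags look-alikes, and it shows that an https:// URL on its own never earns a "known" verdict. The KNOWN_GOOD list, the verdict strings and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): shops and payment sites the user trusts.
KNOWN_GOOD = ("example-store.com", "paypal.com", "amazon.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url: str) -> str:
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if parts.scheme != "https":
        return "no-tls: traffic is not encrypted"
    if any(label.startswith("xn--") for label in labels):
        return "suspicious: punycode label may hide look-alike characters"
    # Simplification: treat the last two labels as the registered domain
    # (wrong for suffixes such as co.uk; a real tool would use the Public Suffix List).
    domain = ".".join(labels[-2:])
    if domain in KNOWN_GOOD:
        return "known: domain is on the allowlist"
    for good in KNOWN_GOOD:
        brand = good.split(".")[0]
        if brand in labels[:-2]:  # e.g. paypal.com.secure-login.example
            return f"suspicious: {brand} is only a subdomain of {domain}"
        if edit_distance(domain, good) <= 2:  # e.g. paypa1.com
            return f"suspicious: {domain} looks like {good}"
    return "unknown: padlock alone proves nothing, research the shop first"

# Constructed sample URLs; every one of them could show a padlock.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypa1.com/signin",
    "https://paypal.com.secure-login.example/",
    "https://xn--pypal-4ve.com/",
    "https://brand-new-shop.example/checkout",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:45} -> {check_url(url)}")
```

The edit-distance threshold of 2 is a heuristic and can misfire on very short domain names.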


While cybersecurity specialists do their best to protect us, we still need to take care of our safety online by ourselves because professionals only try to keep up with hackers. Malefactors come up with new ways to scam people all the time and it’s almost impossible to predict their next move. So stay alert and use the iNinja VPN app!