April 2018
Intermediate to advanced
176 pages
4h 16m
English
Now, let's see how to keep your eyes open on anything abnormal on the login page, such as a missing https in the URL field is a good indicator for phishing activity, where the attacker can redirect your traffic to a malicious login page; or if the attacker is in between, like man-in-the-middle attack, he can use a tool such as SSL strip to strip off the SSL encryption and turn your data into clear text.
And if you are a security paranoid person, even if you see the https label in green, you can double-check the certificate status that you got from the website. For instance, this is a screenshot of a Facebook server certificate:
We can see that it's issued to all Facebook domain, and we can see ...