How to stay safe using iCloud and other online services

Following the recent hack attempts against its iCloud service in China, Apple has published a reminder page explaining how to detect fraudulent sites that pretend to be legitimate ones, by determining whether the remote server is using valid certificates and proper encryption.

While Apple’s servers were not compromised and iCloud data and passwords were not revealed in the recent attacks, this event serves as a good reminder to check for the validity of any Web site you are connecting to, especially if it contains private or sensitive information.

To help with security, services like banks, and online identities like social media and Apple’s iCloud, often host secured certificates with a feature called Extended Verification. This feature lets you quickly check a certificate by glancing at your browser’s address bar. If a Web site’s Extended Verification certificate is valid, then you will see the company’s name appear in green in the browser address bar, with a lock next to its name. This is true for every major and current Web browser, so when you are connecting to online services through Safari, be sure to check for this feature.

Sites like iCloud should host Extended Verification certificates that provide visual cues to their validity in your browser’s address bar.

Keep in mind that if a Web site does not have a certificate and does not show a green lock in your browser’s address bar, that does not mean the site is fraudulent. However, if the site is expected to have this validation but you do not see it, then you should be suspicious of it. Unfortunately, since not all online services use this feature, you might not know when to expect it; one approach is to check for it when you first visit each of your sites, and then expect it from then on.

In addition to your manual checks, security certificates are validated against root certificates that are included in your Mac, so if a match cannot be made, Safari should indicate that the certificate on the remote site cannot be verified. An additional security measure that many Web browsers use is a subscription to fraud detection services; in Safari, you can see this by going to its Security preferences, where you can check the option to warn when visiting fraudulent sites. With this enabled, if you visit a site that is attempting to mimic another one, you will see a warning that outlines the risks and recommends that you do not proceed to the site.

Overall, when visiting your various online sites, you can take four steps to ensure you are secure:

  1. Manually type in your site’s Web URL, instead of clicking any links in emails or on other Web sites.
  2. Check for the validity of your site’s certificate.
  3. Only use a trusted Web browser and be sure you keep it updated to its latest version.
  4. Keep your computer’s OS up to date, to ensure you have the latest root certificates and other security routines installed.
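The certificate check in step 2, and the root-certificate validation described earlier, can also be done outside the browser. The following Python example is an addition to this article, not Apple's or the author's code: it connects with default verification against the system's root certificates, then compares the organization name in the certificate with the one you expect. The function names, the sample certificate and "Example Corp" are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone


def fetch_verified_cert(host, port=443, timeout=5):
    """Connect with default settings: the chain must lead to a root in the
    system trust store and the certificate must match `host`; otherwise
    ssl.SSLCertVerificationError is raised (the case where a browser warns)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def subject_field(cert, name):
    """Return one field of the certificate subject, or None if absent."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == name:
                return value
    return None


def review_cert(cert, expected_org, now=None):
    """Compare a certificate (getpeercert() format) with what you expect."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    org = subject_field(cert, "organizationName")
    findings = []
    if org is None:
        findings.append("no organization name in certificate")
    elif org != expected_org:
        findings.append(f"organization is {org!r}, expected {expected_org!r}")
    if expires <= now:
        findings.append("certificate has expired")
    return {"organization": org, "expires": expires, "findings": findings}


# Constructed sample in getpeercert() format; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "Example Corp"),),
                (("commonName", "www.example.com"),)),
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    print(review_cert(SAMPLE_CERT, "Example Corp",
                      now=datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

To review a live site, pass the result of `fetch_verified_cert("your.site.example")` to `review_cert`; an empty `findings` list means the certificate chained to a trusted root, matched the host name, and named the organization you expected.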

One thought on “How to stay safe using iCloud and other online services”

  1. darrenoia

    iCloud keychain is actually quite helpful when it comes to phishing — because if you know that your Apple devices have saved your password, not seeing it prefilled in the field at least can put you on alert that something may be amiss.