I don't do much of online shopping, simply because I like to shop IRL.
But when you come across a website with labels that are 60% cheaper, you got to think about it.

So I found a website that seamed great. It has all sort of verified labels - almost too many of them. I got suspicious that this website was supposed to be in Geneva, yet the prices were in € and also it seamed to be in several other countries (found through google, not linked together one the site), South Africa and Greece, the exactly the same prices and exactly the same products. When I went to the sign up there was no httpS so I canceled and decided for the first time to make a lookup on VeriSign for this shops. It took ages to find it, I got all sorts of pages how to detect a scam, did a scam test, got endless of pop ups in new windows, learned all about their nice green bar (which I couldn't find where to download) but finally I made it to the point where I could put in the url and run it through.
And the result was that VeriSign does not have this company registered.
So I thought the right thing to do was to report it. Again started too long search for a report button, a search that ended by 4 links of scam-reporting sites. And frankly, I'm just out of time for this now.

Does VeriSign really not want to know if someone is using their precious "You can trust us" logo without being their customer?

anyone can copy the "trust me, I'm Jeremy Beadle" logo.

what you need is to check the certificate matches the site name and that you trust the site.

it is possible for someone to buy a certificate for SSL - in the end, all it really achieves is that your connection to them over the Internet is secure.

Thieves can always get SSL if they're willing to pay.

The age-old rule applies - if it seems too good to be true..........

Hi Begga,

Verisign are just one of the certificate authorties that supply certificates for SSL (HTTPS) for web sites, and as KB88111 says anyone who's willing to pay can get a basic certificate.
However there are more tightly controlled types of certificate that aren't so freely available. With these, the certificate authority performs more in-depth checks to confirm the identity of the company requesting the certificate. In modern web browsers these certificates should cause all or part of the address bar to turn green.
Another thing you can do to check out a website is lookup details of the domain names registered owner. You can do this on whois.sc, although it's worth remembering that the registrars don't often take steps to verify that the info you see here is correct (one notable exception is the .us TLD).

Overall though, I'd say the golden rule is "if it looks too good to be true, it probably is!"

Hope this helps, and hopefully see you at the curry night this week

__________________
Oh hamburgers!

I just found it annoying that

1. It takes ages to find what you are looking for on their website.
2. That they don't care (?) that a scammer is abusing their trademark. A lot of people trust that mark and don't think about doing background checks, nor know much about internet security.

Just to make it sure: VeriSign is a private company offering security services for TECHNOLOGY. I would trust them that the connection is secure or that there is no virus in some download. Shops pay for their seal to give you the good feeling that the little garage seller will not blow up your PC with some malware.

What they do not do is offering security for your money. They will never make sure that the guys behind their seal are honest business people or selling you knock off designer stuff... that's not Verisign's business.

So no matter if any seal is stolen or real - be careful where you shop in order to get what you want and not cheated...

Not quite. Verisign couldn't possibly assure you that there's no virus in the download.

SSL, as indicated by the HTTPS:// portion of a URL provides two major services:

1. Authentication: That the server you're talking to is who it says it is.
2. Transport Layer Encryption: That communications between you and the server are encrypted and uninterrupted (i.e. no man-in-the-middle can eavesdrop).

Now anybody can go and buy a certificate but Verisign are pretty damn good at point 1. They insist on a VAT number, a listing of the company in some public record and they call the phone number listed against that public record to verify that the company exists and that the requestor is authorised to act on behalf of the company. But that's where it ends; As you correctly point out, the company's business practices are not the business of Verisign - their certificates just provide a reasonable level of authentication.

Part 2 works well but is also often misunderstood. The content could be a virus. That virus will be encrypted as it traverses the untrusted network (the internet), but when it reaches you and is decrypted its still a virus.

The other misunderstood part is that only the connection is covered by point 2. Once the data reaches the end server it is decrypted and its no longer an SSL problem. It can sit on a USB stick unencrypted for all you know, or be forwarded straight to a printer in the middle of an open plan office.

SSL is very good technology. The biggest failing is that its intricacies are not well understood by 99% of its consumers. Companies like Verisign and those developing web browsers tell people that the an HTTPS connection is secure, but they don't do a good enough job of telling people what secure means in this context.

Sorry for nerding the whole place up

Well, if you have to: Verisign is nowadays owned by Symantec (a company famous for their virus scanners) and SSL is just a part of their services. "Daily malware scans" of websites is part of the seals the offer and that would be the virus protection I mentioned...

@ Begga

What is the URL of the "famous" online shop?

So they do, I take it back.

They didn't offer that when I last used them (and its a bit of a gimmick really). What's surprising is that they offer it on even their cheapest certs.

http://www.manoloblahnikgeneve.com/
http://www.manoloblahnikgreece.com/

This one does not have all the verifies like the above, but seams to be the same sh!t:
http://www.manoloblahniksouthafrica.com/

Yes, they just have "pictures" of the seal.

The real version - you can click on it, and a kind of validation will open.

Top right corner:
http://www.verisign.com/ssl/seal/index.html

Take an educated guess: Do you think that this company runs an official Manolo Blahnik shop in Geneva?

Domain Name ..................... manoloblahnikgeneve.com
Name Server ..................... dns23.hichina.com
dns24.hichina.com
Registrant ID ................... hc350507340-cn
Registrant Name ................. la wasi
Registrant Organization ......... la wasi
Registrant Address .............. la wasi trade ltd
Registrant City ................. beijing
Registrant Province/State ....... BJ
Registrant Postal Code .......... 100100
Registrant Country Code ......... CN
Registrant Phone Number ......... +86.01024222121 -
Registrant Fax .................. +86.01024222121 -
Registrant Email ................
Administrative ID ............... hc350507340-cn
Administrative Name ............. la wasi
Administrative Organization ..... la wasi
Administrative Address .......... la wasi trade ltd
Administrative City ............. beijing
Administrative Province/State ... BJ
Administrative Postal Code ...... 100100
Administrative Country Code ..... CN
Administrative Phone Number ..... +86.01024222121 -
Administrative Fax .............. +86.01024222121 -
Administrative Email ............
Billing ID ...................... hc350507340-cn
Billing Name .................... la wasi
Billing Organization ............ la wasi
Billing Address ................. la wasi trade ltd
Billing City .................... beijing
Billing Province/State .......... BJ
Billing Postal Code ............. 100100
Billing Country Code ............ CN
Billing Phone Number ............ +86.01024222121 -
Billing Fax ..................... +86.01024222121 -
Billing Email ...................
Technical ID .................... hc350507340-cn
Technical Name .................. la wasi
Technical Organization .......... la wasi
Technical Address ............... la wasi trade ltd
Technical City .................. beijing
Technical Province/State ........ BJ
Technical Postal Code ........... 100100
Technical Country Code .......... CN
Technical Phone Number .......... +86.01024222121 -
Technical Fax ................... +86.01024222121 -
Technical Email .................

Hang on! I think I know the answer to this one..... just give me a minute...