Hello!
I wanted to reach out with some feedback from our team regarding the security awareness training content provided through Huntress/Curricula.
We've received questions from our users about two specific points in the training materials:
  1. TLS Certificate Presence as a Phishing Indicator
The training suggests that fraudulent websites often don't have TLS certificates. Our users have raised concerns that this guidance may be outdated, as obtaining free TLS certificates (via Let's Encrypt and similar services) has become trivial for attackers. In fact, many phishing sites now actively use HTTPS to appear more legitimate. We're concerned this could create a false sense of security where users trust sites simply because they have HTTPS.
  2. "Lock Icon Means the Website is Secure" Messaging
The training states that a lock icon indicates a website is secure. This phrasing is problematic because it conflates encryption-in-transit (what HTTPS actually provides) with website trustworthiness or safety. A malicious site can have a valid certificate and display the lock icon while still being dangerous. This could mislead users into trusting phishing sites that have implemented HTTPS.