It's been a while since this thread was active, but I ran across some information that could be important, especially at this time of year when use of e-commerce sites is greatly increased.
You may have heard that you should always "look for the lock icon" in your address bar, or to always "use HTTPS" to ensure a secure connection. Sadly, these easy checks are no longer reliable for indicating that you are browsing and conducting business safely. Recent research indicates that
half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “https://”. (<-- article contains very good explanations)
Phishing information from unsuspecting users is a big business, and more and more the perpetrators are using conventional means to lure people into a false sense of security. They register their sites and purchase SSL certificates in an effort to appear like a legitimate site. While "https://"
does indicate that your connection with a site is encrypted and secured from outside snooping, it says nothing at all about the true identity of who is on the other end (and never did).
They also take advantage of
internationalized domain names (use of Unicode in URLs designed to allow
legitimate local language display of addresses) to make URLs look familiar, while directing you elsewhere. The article indicates which browsers will warn you of this, and which need some modification to do so (Firefox users - like me - should really read the article).
The bottom line is: always be wary and alert when browsing, and don't ever let your guard down.