Security Basics

Why You Should Never Trust a 'Safe' Link Just Because It Has HTTPS

The padlock icon means your connection is encrypted — not that the website itself is trustworthy.

Published by OziShield • May 2026

One of the most common misconceptions about online safety is that the padlock icon in your browser means a website is safe to use. In reality, HTTPS only tells you that the connection between your device and the website is encrypted. It says nothing about whether the site is legitimate, trustworthy, or operated by scammers.

This confusion is understandable. For years, browsers and security advice have taught people to "look for the padlock" as a sign of safety. That advice made sense when HTTPS was rare and mostly used by banks and large organisations. Today, HTTPS is free, easy to set up, and used by almost everyone — including scammers.

What HTTPS actually means

HTTPS (Hypertext Transfer Protocol Secure) encrypts the data sent between your browser and a website. This means:

  • Your password cannot be read by someone monitoring the network
  • Your credit card details cannot be intercepted mid-transmission
  • The website you are connecting to matches the address in your browser

What it does NOT mean:

  • The website is operated by a legitimate organisation
  • The website will not steal your information once you enter it
  • The website is free from malicious code or deceptive content

HTTPS protects the pipe, not the destination.

How scammers use HTTPS to appear legitimate

Scammers know that people trust the padlock icon. They also know that HTTPS certificates are now free and take minutes to set up through services like Let's Encrypt. As a result, the majority of phishing sites now use HTTPS.

This creates a false sense of security. A user sees the padlock, assumes the site is safe, and enters their banking password or personal details — directly into the hands of scammers.

Real-world example

Here are two URLs. Both use HTTPS. One is legitimate, one is a scam. The padlock icon appears on both.

LEGITIMATE
https://commbank.com.au

Official Commonwealth Bank domain. Registered decades ago. Matches the brand exactly.

PHISHING SCAM
https://commbank-au-secure.com

Fake site. Registered 3 days ago. Uses HTTPS. Looks identical to the real site. Steals login details.

Both have the padlock. Both use HTTPS. One is safe. One is a scam designed to steal your banking credentials.

The difference is not the encryption. The difference is the domain name, registration date, and who controls the website.

What to check instead of just the padlock

  • Check the full URL carefully. Scammers use similar-looking domains with slight variations. commbank.com.au is real. commbank-secure.com is fake.
  • Be suspicious of unexpected messages. If you did not request a password reset, account verification, or delivery notification, do not click links in the message. Go directly to the official website or app.
  • Look at the domain age. Legitimate organisations do not register new domains every few days. Newly registered domains are often used for short-term scams.
  • Watch for urgency and pressure. Scam messages often claim your account will be locked, a payment is overdue, or a delivery will be cancelled unless you act immediately.
  • Verify independently. If a message claims to be from your bank, telco, or government agency, do not click the link. Open the official app, call the organisation directly, or type their known web address into your browser.
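As an added illustration (not OziShield's scanner or any of its code), the short Python checker below applies the first check from the list above to the two URLs in the article: it records whether the link uses HTTPS but bases its verdict only on the hostname, flagging a brand name that appears outside the official domain, common digit-for-letter swaps, and the user@host trick that hides the real host. The allow-list, brand token and homoglyph table are constructed assumptions for the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the official domain from the article's example.
OFFICIAL_DOMAINS = {"commbank.com.au"}
# Brand words that should only ever appear inside an official domain.
BRAND_TOKENS = {"commbank"}
# Digit-for-letter swaps often seen in lookalike hostnames (assumed list).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def parse_link(url: str):
    """Return (scheme, hostname, has_userinfo). The hostname is lowercased
    with any port dropped; a user@host prefix is reported separately."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme.lower(), host, parts.username is not None


def is_official(host: str) -> bool:
    """True only for an official domain itself or a subdomain of it.
    'commbank.com.au.evil.example' fails because it does not END with it."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def brand_lookalike(host: str):
    """Return a brand token found in a non-official host after flattening
    hyphens and dots and undoing digit substitutions, else None."""
    flat = host.replace("-", "").replace(".", "").translate(HOMOGLYPHS)
    return next((t for t in sorted(BRAND_TOKENS) if t in flat), None)


def assess_link(url: str) -> dict:
    """Classify a URL as official / suspicious / unknown. The padlock
    (https) is recorded but never counts towards trust."""
    scheme, host, has_userinfo = parse_link(url)
    result = {"host": host, "https": scheme == "https", "signals": []}
    if is_official(host):
        result["verdict"] = "official"
        return result
    token = brand_lookalike(host)
    if token:
        result["signals"].append(f"brand '{token}' in non-official host")
    if has_userinfo:
        result["signals"].append("user@ prefix hides the real host")
    result["verdict"] = "suspicious" if result["signals"] else "unknown"
    return result


if __name__ == "__main__":
    for link in ("https://commbank.com.au", "https://commbank-au-secure.com"):
        print(assess_link(link))
```

A real deployment would derive the registrable domain from the public suffix list and add the domain-age lookup the article describes; this example only shows why the hostname, not the padlock, is the thing to inspect.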

Important: If you have already entered personal details, passwords, or payment information on a suspicious site, act immediately. Change your passwords, contact your bank, and monitor your accounts for unauthorised activity.

Why this matters now

In our early scan data, 68 submitted links triggered warnings where HTTPS was present but other risk signals appeared alongside it. This pattern is common: scammers use HTTPS to create trust, then rely on urgency, familiar branding, or official-looking language to convince people to act without thinking.

The padlock icon is still important. It protects your data in transit. But it is not a badge of trust. It is a technical feature, not a guarantee of safety.

Not sure if a link is safe?

Scan it before you click. OziShield checks domain age, known scam patterns, suspicious wording, and Australian-specific threat signals — not just whether the site uses HTTPS.
