Before now, the predominant recommendation has been to watch out for a green padlock when transacting with any website, as the presence of HTTPS lends to the credibility of the site, but not anymore.
While the Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS Protocol to enable data encryption and secure identification of a given server, but now even the bad actors adhere to it, which means you'll need to check for more than one sign to know if a website is legit.
As the number of websites supporting HTTPS over encrypted SSL/TLS connections have skyrocketed over the past year, with over 70 percent of web traffic now encrypted, both on computers and mobile devices, even Google has gone ahead to remove the green padlock on its browser, Chrome, citing that HTTPS is now so normal that you don't need to see it anymore.
The proliferation of HTTPS means there's no one rule to protect you from the bad actors on the internet today, so you have to be savvier than ever before to avoid the scams.
It is advisable to check for more than one sign to be sure that a website is legitimate, including making sure the site's URL is actually correct, and as a rule of thumb, type out the URL into the browser instead of following a link from a mail. Also, when using password managers and security software, ensure they are up to date.
The green lock is supposed to show that information sent from your browser is encrypted, and that is all, but doesn't say anything about the legitimacy of the site, as scammers can trick you into entering your sensitive information with a green padlock on their sites too.
That's not to say that HTTPS isn't useful, because transmitting valuable information that anyone could intercept and read is also a bad idea, but a lot of people just don't know the lock means another specific thing, they've been sold over the years that it means a 'safe' website.