Hacker News
by nullc 1536 days ago
HTTPS provides essentially no security to a broad spectrum of attacks-- particularly, any attacker that can position himself between the webserver or name server and any CA is largely unaffected by https. Only attackers that are limited to intercepting between the webserver and end client are meaningfully thwarted. It isn't magical pixie dust. It doesn't appear that this page provides any information or service that would be meaningfully protected by https.

The most important reason to have it is to avoid the automatic search engine downranking that Google now applies to non-https sites (helpfully elevating all manner of spam and scams over decades of technical documentation).

> To me the moral of the story is that you should never ever follow instructions by an alleged bank calling you asking to confirm information and, even worse, give them codes over the phone.

Unfortunately, as pointed out by many others in this thread, many banks engage in and even sometimes require you to comply with scam-indistinguishable behavior, making your maxim hard to follow. Even ignoring that, everyone makes mistakes, gets distracted, or has bad days... this makes security very hard, even for experts.