Simmarket False Identify Purchase Please Help!

[G-RFRY 1,712]

I would also try to think if you had made a purchase on an account some ware with this CC on your email, a say this because I find hard to now how a hacker hacks an account that did not exist, but if you have an account were you have purchased with this CC you should contact them there site may have been hacked.  

[Ted Striker 338]

You've got to be careful logging into the simmarket site. If I just do a search for simmarket with internet explorer it links me to the less secure http: site not the more secure https: site. I need to be remember to change the URL to https: before logging in.

Ted

[HenningL 2]

39 minutes ago, Ted Striker said:

You've got to be careful logging into the simmarket site. If I just do a search for simmarket with internet explorer it links me to the less secure http: site not the more secure https: site. I need to be remember to change the URL to https: before logging in.

Ted

Thanks for telling. I just realised I've always been using the unsecure site. I was fooled by the "secure" in secure.simmarked.com.

I now changed the link to https.

Henning
 

[Luke 782]

I'm surprise they don't force a redirect to HTTPS. It's literally a two-line Apache config change.

Cheers!

[Gartro 18]

Ted and Luke

Thanks for the suggestion about the Simmarket website address. I did the suggested addition at the beginning of the address and it worked.

Like Henning, I also was lulled into what now seems to be a false sense of security by seeing "secure.simmarket" as part of the address, especially when compared with the "not secure" messages I had seen with some of the other retail sites I have used for flight sim purchases.

Ever since Jim Young's post about a year ago explaining the green lock and "secure" in relation to the Avsim Forums, I have been conscious of the security aspect when making flight sim purchases and I have been surprised that on a few sites the green lock and "secure" do not appear and the "not secure" message does not disappear until after the log in with details of user name and password has taken place. What's stopping someone hacking my log in details there and then using them to download products I have historically purchased?

After the suggestion worked for me on the Simmarket site, I then tried it on two other flight sim retail sites and it worked on one but not the other.

I want to see the comfort factor of the green lock when I first visit a site. Why don't all sites provide that, either via Luke's suggestion or otherwise?

Gary

[Ted Striker 338]

15 hours ago, Gartro said:

Why don't all sites provide that, either via Luke's suggestion or otherwise?

I've talked to a couple of sites about this. Their attitude was that it isn't that important and didn't make the site any more secure. I don't know enough about website security to challenge that. I just wanted to bring it to their attention and was surprised at the response. It does not give me a warm and fuzzy feeling about doing business on those sites though. In fact I now only purchase products from them if I can't get them from anywhere else. I have also downloaded and saved a copy of every purchase just in case the sites get hacked.

Regarding simmarket, when you actually go to purchase something I believe the page does change to https.

Ted

[Luke 782]

9 hours ago, Ted Striker said:

I've talked to a couple of sites about this. Their attitude was that it isn't that important and didn't make the site any more secure. I don't know enough about website security to challenge that. I just wanted to bring it to their attention and was surprised at the response. It does not give me a warm and fuzzy feeling about doing business on those sites though.

They're not completely wrong. Generally speaking if you want to attack an e-commerce site you try and get their data from them directly, not by intercepting it in transit. It's similar to robbing a bank; you are better stealing everyone's money after hours than robbing people one by one on their way in and out of the bank.

However, HTTPS certificates are now free and having encryption is rapidly becoming the price of entry for a web site, never mind one handling financial transactions. If they can't do something as basic as HTTPS, what other important security precautions are they skipping?

Cheers!

[Ted Striker 338]

11 hours ago, Luke said:

If they can't do something as basic as HTTPS, what other important security precautions are they skipping?

That was precisely the thought I had.

Ted

[CaptReiViation 0]

On 3/25/2018 at 3:40 PM, rjfry said:

I would also try to think if you had made a purchase on an account some ware with this CC on your email, a say this because I find hard to now how a hacker hacks an account that did not exist, but if you have an account were you have purchased with this CC you should contact them there site may have been hacked.  

Yes. Thank you very much again for this suggestion. I will make sure to do so. The email that was used is my primary email that I use regularly. In addition to this, I also changed the password and enabled google's two-step varification process on my email. So far nothing suspicious. Thank you very much again.