Saturday, October 1, 2011

Another scam site, cashadvances.co.uk

In a recent post, Payday Loan Scam Site cornerstonepayday.com, I discussed a web site claiming to offer payday loans, but full of enough red flags to make it clear that the site was either a con job, or designed by someone so incompetent at protecting customer data as to make doing business with them a incredibly bad idea. The same vandalized Wiki has introduced me to cashadvances.co.uk. While not QUITE a incompetently assembled as cornerstonepayday.com, it's still pathetic.

The first major red flag is the complete lack of encryption of any kind. Cornerstonepayday.com had a purloined SSL certificate, but the site was designed in such a way as to make it impossible to actually submit your data over SSL even if you tried. Cashadvances.co.uk handles this problem by having NO encryption on it's submission form at all. If you try manually changing the HTTP in the address bar to HTTPS and hit "Enter" you get the following browser error:
Secure Connection Failed
          An error occurred during a connection to www.cashadvances.co.uk.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
  The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
  Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Cashadvances.co.uk is asking for your employment history, birth date, contact information and other personal details but doesn't bother to encrypt it. I don't know if the law is different in the UK, but in the USA, an operation prompting for that kind of data over the Internet without using encryption would be violating of a number of laws and regulations.

In short, don't apply for a loan of any kind through Cashadvances.co.uk. They're probably a con operation, and if they aren't, they're too incompetent to be trusted with your data.

3 comments:

Anonymous said...

Valuegreenslips.com.au is a similar site. Advertised by spam, no SSL for forms that are legally required to have SSL.

Anonymous said...

Don't forget carinsurancecomparison.co.uk. They don't have security on their forms either. NO protection AT ALL. Is that even legal?

Anonymous said...

debtmanagement.co.uk is the same. A scam site with no encryption.