Issue 158 - July, 2013 (2nd Edition) - Page 17
Wonga.com 'Account Error' Phishing Scam
Message purporting to be from short-term loan company Wonga.com claims that, due to a database error, customers must fill in and submit an attached HTML form to update their account and avoid a hold being placed on their funds.
© Depositphotos.com/ Fabio Berti
The message is not from Wonga.com and customers are not required to fill in an attached form as claimed. The email is a phishing scam designed to trick Wonga customers into divulging their account username and password to Internet criminals.
Subject: Account error
One error occurred on our database accounts, please update your wonga account
to avoid hold your accounts and all the funds inside.
You can release the hold on your account by visiting any of our branches or
download the form attached to your e-mail and confirm your wonga details.
We are sorry for this inconvenience but this is a security measure which we must
apply to ensure your account safety.
If you have already confirmed your information then please disregard this message
Thanks for choosing Wonga,
The Wonga Security Team
This email, which claims to be sent by the "security team" at loan company Wonga.com advises customers that they must update their Wonga account due to a database error. Customers are instructed to fill in and submit a login form contained in an attached file. They are warned that their account and any funds it contains may be placed on hold if they do not submit their details as requested.
However, the message is not from Wonga.com and the supposed database error is just a ruse designed to trick people into submitting their account login details.
Those who open the attached file will be presented with a HTML login form designed to emulate the genuine Wonga.com login page. The fake page includes the same graphics and colour scheme used on the genuine page.
If users enter their email and password and click the "Login" button on the fake form, they will be automatically redirected to the genuine Wonga.com home page.
Meanwhile, their login details can be collected by scammers and used to hijack their real Wonga accounts.
No legitimate financial entity is ever likely to ask customers to provide login details via an unsecure form
contained in an email attachment.
continues to be a very common scam that targets customers of many financial institutions and service providers around the world. Be very cautious of any unsolicited message that claims that you must click a link or open an attachment to update account details or fix account errors. It is always safest to login to your online accounts by entering their web address in your browser's address bar rather than by clicking a link in an email.
Last updated: July 5, 2013
First published: July 5, 2013
By Brett M. Christensen
Pages in this issue:
- Capri Sun Mold Warning
- False Child Abduction Alert - 'Lilly Snatched From Surrey'
- Gas Saving Tips - Are They Really Saving You Anything?
- China Food Imports - Is It Really That Simple?
- Jury Duty Phone Scam Warning
- Myth - Ice Water Can Cause Dangerous Bloating in DogsD
- Amazon 'Important Message From Security Center' Phishing Scam
- Hoax: Facebook to Start Charging This Summer
- Kmart Australia Giveaway Like-Farming Scam
- Do Water Filled Zip-Lock Bags with Added Pennies Keep Flies Away?
- Photos of Old Car Collection Found in Portugal Barn
- Faux Image - Mounted Police Officer Riding Giant Dog
- Expedia Travel Itinerary Malware Email
- 'Google Account Hacked' Text Message Scam
- Completely Pointless and Misleading 'Facebook Privacy Notice'
- Hoax - Pope Benedict XVI Resigned Papacy to Convert to Islam
- Wonga.com 'Account Error' Phishing Scam
- Hoax Warning Claims Deadly Swine Flu Epidemic in South Africa
- Australian Government Withdrawing Funds From Inactive Accounts Warning
- 'Facebook Has Sent You a Message' Pharmacy Spam
- Pepsi Cola Bottling Company 'Grant Compensation' Advance Fee Scam
- Does a Viral Image Depict a Monkey Saving a Puppy From An Explosion?
- Advance Fee Scammers Using Cloned FB Accounts To Gain Victims
- South African 'Mighty Men' Conferences Racial Integration Hoax
- Did Samsung Pay a $1 Billion Fine to Apple in 5 Cent Coins?
- Browser and Operating System Survey Scam
- Circulating Message Falsely Accuses Pictured Man of Being a Human Trafficker