Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 158 - July, 2013 (2nd Edition) - Page 17 'Account Error' Phishing Scam

Issue 158 Start Menu

Previous Article            Next Article

Message purporting to be from short-term loan company claims that, due to a database error, customers must fill in and submit an attached HTML form to update their account and avoid a hold being placed on their funds.

Wonga Account Phishing

© Fabio Berti

Brief Analysis
The message is not from and customers are not required to fill in an attached form as claimed. The email is a phishing scam designed to trick Wonga customers into divulging their account username and password to Internet criminals.

Bookmark and Share

Subject: Account error

One error occurred on our database accounts, please update your wonga account
to avoid hold your accounts and all the funds inside.
You can release the hold on your account by visiting any of our branches or
download the form attached to your e-mail and confirm your wonga details.
We are sorry for this inconvenience but this is a security measure which we must
apply to ensure your account safety.

If you have already confirmed your information then please disregard this message
Thanks for choosing Wonga,

The Wonga Security Team

Detailed Analysis

This email, which claims to be sent by the "security team" at loan company advises customers that they must update their Wonga account due to a database error.  Customers are instructed to fill in and submit a login form contained in an attached file.  They are warned that their account and any funds it contains may be placed on hold if they do not submit their details as requested.

However, the message is not from and the supposed database error is just a ruse designed to trick people into submitting their account login details.

Those who open the attached file will be presented with a HTML login form designed to emulate the genuine login page. The fake page includes the same graphics and colour scheme used on the genuine page.

If users enter their email and password and click the "Login" button on the fake form, they will be automatically redirected to the genuine home page.

Meanwhile, their login details can be collected by scammers and used to hijack their real Wonga accounts.

No legitimate financial entity is ever likely to ask customers to provide login details via an unsecure form contained in an email attachment.

Phishing continues to be a very common scam that targets customers of many financial institutions and service providers around the world. Be very cautious of any unsolicited message that claims that you must click a link or open an attachment to update account details or fix account errors.  It is always safest to login to your online accounts by entering their web address in your browser's address bar rather than by clicking a link in an email.

Bookmark and Share

Last updated: July 5, 2013
First published: July 5, 2013
By Brett M. Christensen
About Hoax-Slayer

Difference Between http & https

Previous Article            Next Article

Issue 158 Start Menu

Pages in this issue:
  1. Capri Sun Mold Warning
  2. False Child Abduction Alert - 'Lilly Snatched From Surrey'
  3. Gas Saving Tips - Are They Really Saving You Anything?
  4. China Food Imports - Is It Really That Simple?
  5. Jury Duty Phone Scam Warning
  6. Myth - Ice Water Can Cause Dangerous Bloating in DogsD
  7. Amazon 'Important Message From Security Center' Phishing Scam
  8. Hoax: Facebook to Start Charging This Summer
  9. Kmart Australia Giveaway Like-Farming Scam
  10. Do Water Filled Zip-Lock Bags with Added Pennies Keep Flies Away?
  11. Photos of Old Car Collection Found in Portugal Barn
  12. Faux Image - Mounted Police Officer Riding Giant Dog
  13. Expedia Travel Itinerary Malware Email
  14. 'Google Account Hacked' Text Message Scam
  15. Completely Pointless and Misleading 'Facebook Privacy Notice'
  16. Hoax - Pope Benedict XVI Resigned Papacy to Convert to Islam
  17. 'Account Error' Phishing Scam
  18. Hoax Warning Claims Deadly Swine Flu Epidemic in South Africa
  19. Australian Government Withdrawing Funds From Inactive Accounts Warning
  20. 'Facebook Has Sent You a Message' Pharmacy Spam
  21. Pepsi Cola Bottling Company 'Grant Compensation' Advance Fee Scam
  22. Does a Viral Image Depict a Monkey Saving a Puppy From An Explosion?
  23. Advance Fee Scammers Using Cloned FB Accounts To Gain Victims
  24. South African 'Mighty Men' Conferences Racial Integration Hoax
  25. Did Samsung Pay a $1 Billion Fine to Apple in 5 Cent Coins?
  26. Browser and Operating System Survey Scam
  27. Circulating Message Falsely Accuses Pictured Man of Being a Human Trafficker