Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share





Wonga.com 'Account Error' Phishing Scam

Outline
Message purporting to be from short-term loan company Wonga.com claims that, due to a database error, customers must fill in and submit an attached HTML form to update their account and avoid a hold being placed on their funds.

Wonga Account Phishing

© Depositphotos.com/ Fabio Berti



Brief Analysis
The message is not from Wonga.com and customers are not required to fill in an attached form as claimed. The email is a phishing scam designed to trick Wonga customers into divulging their account username and password to Internet criminals.

Bookmark and Share
Example

Subject: Account error

One error occurred on our database accounts, please update your wonga account
to avoid hold your accounts and all the funds inside.
 
You can release the hold on your account by visiting any of our branches or
download the form attached to your e-mail and confirm your wonga details.
 
We are sorry for this inconvenience but this is a security measure which we must
apply to ensure your account safety.

If you have already confirmed your information then please disregard this message
 
Thanks for choosing Wonga,

The Wonga Security Team

Detailed Analysis


This email, which claims to be sent by the "security team" at loan company Wonga.com advises customers that they must update their Wonga account due to a database error.  Customers are instructed to fill in and submit a login form contained in an attached file.  They are warned that their account and any funds it contains may be placed on hold if they do not submit their details as requested.

However, the message is not from Wonga.com and the supposed database error is just a ruse designed to trick people into submitting their account login details.

Those who open the attached file will be presented with a HTML login form designed to emulate the genuine Wonga.com login page. The fake page includes the same graphics and colour scheme used on the genuine page.

If users enter their email and password and click the "Login" button on the fake form, they will be automatically redirected to the genuine Wonga.com home page.

Meanwhile, their login details can be collected by scammers and used to hijack their real Wonga accounts.

No legitimate financial entity is ever likely to ask customers to provide login details via an unsecure form contained in an email attachment.

Phishing continues to be a very common scam that targets customers of many financial institutions and service providers around the world. Be very cautious of any unsolicited message that claims that you must click a link or open an attachment to update account details or fix account errors.  It is always safest to login to your online accounts by entering their web address in your browser's address bar rather than by clicking a link in an email.

Bookmark and Share

Last updated: July 5, 2013
First published: July 5, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Difference Between http & https
Phishing