Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share 'Account Error' Phishing Scam

Message purporting to be from short-term loan company claims that, due to a database error, customers must fill in and submit an attached HTML form to update their account and avoid a hold being placed on their funds.

Wonga Account Phishing

© Fabio Berti

Brief Analysis
The message is not from and customers are not required to fill in an attached form as claimed. The email is a phishing scam designed to trick Wonga customers into divulging their account username and password to Internet criminals.

Bookmark and Share

Subject: Account error

One error occurred on our database accounts, please update your wonga account
to avoid hold your accounts and all the funds inside.
You can release the hold on your account by visiting any of our branches or
download the form attached to your e-mail and confirm your wonga details.
We are sorry for this inconvenience but this is a security measure which we must
apply to ensure your account safety.

If you have already confirmed your information then please disregard this message
Thanks for choosing Wonga,

The Wonga Security Team

Detailed Analysis

This email, which claims to be sent by the "security team" at loan company advises customers that they must update their Wonga account due to a database error.  Customers are instructed to fill in and submit a login form contained in an attached file.  They are warned that their account and any funds it contains may be placed on hold if they do not submit their details as requested.

However, the message is not from and the supposed database error is just a ruse designed to trick people into submitting their account login details.

Those who open the attached file will be presented with a HTML login form designed to emulate the genuine login page. The fake page includes the same graphics and colour scheme used on the genuine page.

If users enter their email and password and click the "Login" button on the fake form, they will be automatically redirected to the genuine home page.

Meanwhile, their login details can be collected by scammers and used to hijack their real Wonga accounts.

No legitimate financial entity is ever likely to ask customers to provide login details via an unsecure form contained in an email attachment.

Phishing continues to be a very common scam that targets customers of many financial institutions and service providers around the world. Be very cautious of any unsolicited message that claims that you must click a link or open an attachment to update account details or fix account errors.  It is always safest to login to your online accounts by entering their web address in your browser's address bar rather than by clicking a link in an email.

Bookmark and Share

Last updated: July 5, 2013
First published: July 5, 2013
By Brett M. Christensen
About Hoax-Slayer

Difference Between http & https