Cybercriminals try to trick users into handing over login credentials

Jul 8, 2013 13:57 GMT  ·  By

Fake emails purporting to come from Wonga, a company that offers short-term loans, try to trick recipients into handing over their login credentials.

The bogus notifications, entitled “Account error,” carry an HTML file. Recipients are instructed to download the attached form and log in to their accounts.

According to Hoax Slayer, the form in question is designed to look like it’s a legitimate Wonga login page.

Once the email address and the password are entered, and the Login button is clicked, the data is sent back to cybercriminals and the victim is directed to the legitimate Wonga website in an effort to avoid raising any suspicion.

If you want to protect yourself against such scams, never enter your personal and financial information on websites hosted elsewhere than the company’s official domain. Genuine login pages are in most cases secured by an https connection.

If you’re already a victim of this scam, change your password immediately. If you’ve been locked out of your account, contact Wonga and try to sort things out.

Once cybercriminals have access to your online accounts, especially ones related to finances, they can cause some serious harm.

Here’s what the malicious emails look like. If you come across such notices, delete them immediately:

“One error occurred on our database accounts, please update your wonga account to avoid hold your accounts and all the funds inside.

You can release the hold on your account by visiting any of our branches or download the form attached to your e-mail and confirm your wonga details.

We are sorry for this inconvenience but this is a security measure which we must apply to ensure your account safety.

If you have already confirmed your information then please disregard this message

Thanks for choosing Wonga,

The Wonga Security Team”