Gallery
Fake Wing Lung Bank website, note the https connection hi-res
Real Wing Lung Bank website, by default unencrypted. hi-resFirst published: 05th October 2017
The Hong Kong Monetary Authority and Wing Lung Bank have issued warnings about a fraudulent webpage, https://www.winglungonline.com/ using the name of Wing Lung Bank. The bank's official websites are:
- Wing Lung Bank: www.winglungbank.com
- Wing Lung NET Securities Services: www.winglungsec.com
Victims should promptly call the Bank’s Customer Service Hotline at +852 2309 5555
The differences between the real and fake sites are striking, the fake does not copy the logo, colour scheme or layout of the real site at all. It also uses English, while the real site defaults to Chinese. But the most surprising difference is that the fake site forces the use of an encrypted, https, connection using a valid certificate, but the real www.winglungbank.com site defaults to an unencrypted connection. Therefore, the fake site gets a reassuring closed green padlock in the address bar, and the real site does not. Admittedly, the real login page is https protected, but it is linked via a JavaScript button from the unencrypted front page. Should a bank expect their customers to run a script from an unidentified website to reach their login page?
