Wise Account Takeover via Email-Change Phishing
Attackers send phishing emails that capture Wise login credentials, then immediately use them to change the registered email address — locking the real account holder out and taking full control before any OTP challenge can be received.
Last reviewed: 7 June 2026
Taking over a Wise account requires more than just credentials because Wise uses OTP verification. However, the sequence in which account actions are performed matters: if an attacker captures the login credentials and simultaneously initiates an email-address change, they can redirect future OTPs to their own email before the victim realises what has happened.
The phishing campaign that enables this attack uses standard Wise-impersonation emails — typically a security alert or transfer-verification notice — to harvest credentials on a fake Wise login page. What distinguishes this variant is the speed and automation of the follow-on action: an automated script logs in with the captured credentials, navigates to the account settings, and initiates an email-address change within seconds.
Wise sends a confirmation email to the current registered address when an email change is requested. If the victim sees and declines this confirmation promptly, the attack fails. But many victims do not monitor their email closely enough to catch the confirmation in time, especially if the attack happens while they are asleep or at work.
How this scam works on the Wise brand
Wise's real email-change process sends a confirmation to the current registered address that must be clicked to complete the change. This is a security mechanism — but it only works as a defence if the victim sees and acts on the email quickly. Some attackers attempt the change multiple times or at odd hours to increase the chance of success.
When the email change succeeds, subsequent OTPs go to the attacker's address. The attacker then completes whatever account action they want — a large transfer, a withdrawal to a new bank account, or a further data harvest — without further friction. The victim is locked out of their own account.
Some campaigns combine a compromised email account with the Wise phishing attack: if the attacker also has access to the victim's email, they can intercept the confirmation link themselves. This is why using a unique, strong password for the email account linked to Wise is important — a compromised email extends the attack surface significantly.
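The sequence described above (a login followed within seconds by an email-change request, repeated change attempts, and requests at odd hours) can be checked for in account event logs. The following is an added example, not Wise's code or log format: the event schema, the `new_device` field and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema, not a real Wise log format).
EVENTS = [
    {"ts": "2026-06-01T03:12:05", "account": "acct-1", "event": "login", "new_device": True},
    {"ts": "2026-06-01T03:12:19", "account": "acct-1", "event": "email_change_requested"},
    {"ts": "2026-06-01T03:40:02", "account": "acct-1", "event": "email_change_requested"},
    {"ts": "2026-06-01T10:00:00", "account": "acct-2", "event": "login", "new_device": False},
    {"ts": "2026-06-01T10:20:00", "account": "acct-2", "event": "email_change_requested"},
    {"ts": "2026-06-01T14:00:00", "account": "acct-3", "event": "login", "new_device": True},
    {"ts": "2026-06-01T14:45:00", "account": "acct-3", "event": "email_change_requested"},
]

FAST_CHANGE = timedelta(seconds=60)   # assumed threshold for "within seconds" of login
REPEAT_WINDOW = timedelta(hours=24)   # assumed window for counting repeated requests
ODD_HOURS = range(0, 6)               # assumed night hours in the account's local time


def score_email_changes(events):
    """Return {account: sorted reasons} for suspicious email-change requests."""
    findings = defaultdict(set)
    last_login = {}                   # account -> (timestamp, new_device flag)
    changes = defaultdict(list)       # account -> earlier change-request timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        if ev["event"] == "login":
            last_login[acct] = (ts, ev.get("new_device", False))
        elif ev["event"] == "email_change_requested":
            login = last_login.get(acct)
            # Scripted follow-on: change requested seconds after a new-device login.
            if login and login[1] and ts - login[0] <= FAST_CHANGE:
                findings[acct].add("change_within_seconds_of_new_device_login")
            # Repeated attempts against the same account inside the window.
            if any(ts - earlier <= REPEAT_WINDOW for earlier in changes[acct]):
                findings[acct].add("repeated_change_requests")
            # Requests timed for when the holder is unlikely to see the confirmation.
            if ts.hour in ODD_HOURS:
                findings[acct].add("odd_hours_request")
            changes[acct].append(ts)
    return {acct: sorted(reasons) for acct, reasons in findings.items()}


if __name__ == "__main__":
    for account, reasons in score_email_changes(EVENTS).items():
        print(account, reasons)
```

Only `acct-1` is flagged in the sample data; the ordinary change on a known device (`acct-2`) and the slow daytime change (`acct-3`) produce no findings.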
Common red flags
- A Wise login page reached via a link in an email — always navigate directly to wise.com instead
- A Wise email-address change confirmation arrives unexpectedly in your inbox
- You are locked out of your Wise account and OTPs are no longer arriving on your phone or email
- An email from Wise stating that an email-address change was requested, when you did not request one
- Multiple OTP attempts arriving in quick succession — an attacker may be probing for account access
- Your Wise balance or transfer history shows unexpected activity
- The phishing email referenced a specific Wise transfer or balance detail to seem credible
How to protect yourself
- Navigate to wise.com directly, never via email links, to prevent credential capture
- Act immediately if you receive a Wise email-change confirmation you did not request — decline it
- Enable two-factor authentication and use an authenticator app rather than SMS where possible
- Use a unique strong password for both your Wise account and the email address linked to it
- Set up alerts for Wise account changes so you are notified of any email or phone update
- Check your Wise account settings periodically to verify the registered email and phone are yours
- Contact Wise through in-app chat immediately if you receive unexpected account-change notifications
How to report it
- Report through Wise in-app chat: open the Wise app and tap Help
- Forward phishing emails to [email protected]
- Report to Action Fraud at actionfraud.police.uk (UK) or the FTC at reportfraud.ftc.gov (US)
- File a report with the FBI's IC3 at ic3.gov if funds were transferred
- Notify Wise immediately of any suspected unauthorised email-change attempt to trigger account review
Frequently asked questions
How quickly does Wise process an email-address change?
Wise sends a confirmation to the current email address that must be approved before the change takes effect. If you receive this confirmation unexpectedly, decline it immediately through the link in the email and contact Wise support through the app.
What happens if I lose access to my Wise account?
If you are locked out, contact Wise through the account-recovery flow at wise.com/help. Wise's support team will verify your identity through documents and help you regain access. Report the incident as fraud during the recovery process.
Does using a different password for my Wise-linked email help?
Yes. If the email account linked to your Wise account uses the same password as your Wise account, a single phishing attack may compromise both. Using unique passwords for each account limits the damage of any single credential capture.