The ‘Zelle Fraud’ Scam: What it Is and How to Avoid it

Zelle is one of the most famous platforms to quickly send money to loved ones, friends, and family. However, now cybercriminals are taking advantage of it to get people’s account information.

Zelle Fraud scamUsing clever tactics to fool clients, fraudsters are now taking advantage of the existence of Zelle to get customers to give them their account information. Once the person does, they quickly proceed to transfer the funds through this person-to-person platform.

Stories of people being scammed and losing money have alarmed some Zelle users, which is why clients must be careful with any suspicious message they get. This is especially the case if they’re supposed to respond with sensitive information like their account username or a one-time passcode. Here’s all about the ‘Zelle Fraud’ scam and how people can avoid it:

How it Works

Users first receive a text message that says someone else tried to transfer money to them using Zelle. People are supposed to answer ‘yes’ or ‘no,’ but regardless of what they answer, if they reply, they will soon receive a call from the scammer.

Overall, scammers want to talk to the person until they get the information they want. Therefore, they will use intelligent strategies to ask the client for their data, and once they get it, they will perform quick transactions in a matter of seconds. This can be a financial catastrophe for the person.

The number of the caller is spoofed, so people might think it’s the bank calling them. Once they pick up the phone, the fraudster will ask numerous questions to ‘verify the identity’ of the person, and this is how they get their banking information.

Fraudsters usually ask questions such as the following:

  • “I need to make sure I’m speaking to the right person. Can you tell me your username?”
  • “I need to ask a few questions to verify your identity. Can I have your username?”
  • “Please, tell me your username, so I can verify your identity.”

Once the client gives the fraudster their username, the scammer will try to get the password by using the ‘forgot my password’ feature or even get you to cough it up. After that, they will typically tell them something along the lines of ‘I’ll send you the passcode and I want you to read it back to me.’

To complete the password reset process, the fraudster uses the code. After changing the client’s banking password, they use Zelle to transfer the funds to other accounts.

An essential part of understanding how the Zelle Fraud works is realizing that fraudsters don’t need the person’s bank account password at first. If they have their username and get the person to read them the one-time code they got via email, the scammers are able to quickly change their password and transfer money to different accounts using Zelle.

Furthermore, in many cases, victims of these fraudulent actions didn’t know what Zelle was and had no idea that it was a platform to move money.

Numerous banks and credit unions offer Zelle as a default part of their online banking services. Clients don’t necessarily need to request it – it’s just there, and people unknowingly fall for these scams without understanding what’s going on.

Fraud losses can escalate quickly in a matter of days, due to the number of clients that can become victims in very little time.

What Zelle Is Doing

To combat these issues, Zelle has introduced a way to authenticate transactions using their details. The person must send a text containing the payee and dollar amount of the Zelle transfer, and the member must reply to the text to authorize the transfer.

Nonetheless, fraudsters have found a way around these security measures as well. Otsuka said that scammers might stay on the phone with the person until they get both their username and a two-step authentication passcode to be able to log into their accounts.

After that, the fraudster tells the clients that they’ll receive a Zelle transfer details through text and that they must reply to authorize the transaction. If the client asks about the purpose of this, they will tell them that it will reverse the fraudulent movement of their funds.

Clients will call customer support, explain what happened, and try to get credit-card protection. However, they often face disappointment, and in the worst cases, financial ruin. In many cases, banks representatives have stated that the banks are not required to reimburse the customer for these phishing schemes.

Bank clients must be aware of the fact that they’re entitled to Regulation E protection, and banks must refund the stolen money.

How to Handle This

Bank clients must know that they have Regulation E protection. Therefore, even if they were manipulated into giving out their login details, the bank “should” give back the stolen funds.  Clients expect a sense of security and protection when they put their assets in a specific company. Thus, the bank must fulfill their expectations.

When a client signs up with a financial company, their data and privacy must be secure (and no one should have access to them without their consent). At the same time, the bank must protect them from fraud, errors in payments, provide them with trustworthy customer service whenever they need it, and representatives should treat them equally and respect their rights. But as we know, this is not always the case, and often when the client is victimized, because of their own error, the banks turn their head the other way.

Lastly, people should never forget the ‘Hang Up, Look Up, Call Back,’ motto. If someone suspects that they’re receiving a possibly fraudulent call, they should kindly tell the caller that they’ll hang it up.

Since most fraudsters claim they’re from a company the person knows, the client must look at the company phone numbers and see if they’re receiving calls from them. Then, customers should actually phone the company and ask if they have been calling.

Even though this is not a way to absolutely prevent scams from happening, it’s an effective strategy to avoid them. Fraudsters rely on people’s innocence to provide sensitive information when reputable companies ask for it, which is why customers must try to avoid giving it away so easily unless they’re sure that it’s the company they hired.

Robert is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon.com author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com. Robert has been featured on CNN, Fox News, CNBC, MSNBC, ABC World News Tonight, NBC Nightline, CBS Early Show, Today Show, Good Morning America and in the NY Times, Wall Street Journal, Time Magazine, Fortune, Forbes, Entrepreneur and many more.

Here’s Why You Need Identity, Privacy, and Device Protection

Our philosophy has always been “all security is personal”. So, whether you are a front line administrator, a CISO, or a CEO, the security of your organization begins with you and your person. If you don’t have your own personal security in order, how do you expect your business data to be secured? It starts with you.

People are often anxious about the security of their personal information and online accounts. Cybercriminals are finding new ways to invade your privacy which is why you need comprehensive protection to keep you safe online.

Here are some protection and privacy best practices that you can use to keep your identity and sensitive information away from prying eyes and restore your faith in technology.

Device Protection

Device protection refers to the measures you take to protect your hardware or physical devices from intruders and potentially harmful software, such as malware, adware, and viruses.

Protect Your Hardware

This may sound simplistic, but knowing where your smartphones, computers, iPads, and gaming consoles are and never allowing people you don’t know to use them are the first steps in protecting them.

Ensure that you protect your devices with a password to ensure that your photos, banking apps, and text messages stored on them are inaccessible if you lose your phone at a concert or leave your tablet in a restaurant. You’d be amazed at how many people don’t have a password in their mobile phone.

Back Up

It’s also a good idea to back up your files regularly so that your images, videos, and documents are lost if your laptop / phone  crashes or is stolen. Use a combination of Google, Apple, online backup services and local external hard drives, and sync software.

Protection Against Malicious Software by Updating

To keep your device safe, you’ll also have to protect it from malicious threats. There are many ways for malware and viruses to get onto your devices, including phishing scams, suspicious websites, questionable downloads, and clicking on advertisements.

When browsing sites that seem unreliable, use caution, and apply common sense when clicking on links.

Updating operating systems, browser, and various software programs, is necessary to keep your data and devices secure. These updates are for functionality purposes, but more often are critical for security updates, when and where at vulnerabilities are discovered by researchers.

Privacy Protection

Protecting your privacy involves preventing advertisers, fraudsters, and other unscrupulous organizations from obtaining access to the information you’d prefer to keep private.

It only takes a few careful modifications to your regular browsing, emailing, and social media activities to increase your internet privacy. Just be thoughtful about where you’re going, what you’re doing, and what personal or sensitive information you may be providing.

Limit What You Share on Social Media

Consider your usage of social media. Do you upload pictures containing information that could be used to identify you? Examples of information that you shouldn’t share online include your:

  • Full name
  • Birthday
  • Physical address
  • Current location

If your profile is freely accessible and anyone can view it, you might want to think about limiting what you post online. Sadly, although your loved ones may like reading your status posts, cybercriminals enjoy them even more.

Fraudsters can learn enough about you in just a few minutes of spying to pass themselves off as you or to target you. Restrict the information you post on social media and restrict the number of people you follow and befriend to those you actually know.

In the end, be thoughtful about what you post, and how a scammer might use it against you, your family, or your business.

Use a VPN

Connecting to a virtual private network (VPN) is another great way to protect your online privacy. By encrypting your connection and keeping your location hidden, a VPN enables you to browse the internet anonymously.

Protecting your privacy with a VPN is essential when using public Wi-Fi at a library, restaurant, or coffee shop.

This is because cyber criminals typically wait around unprotected Wi-Fi networks to spy on users making online purchases or paying bills to gain access to their login information.

Invest in Antivirus Software

Spyware can also threaten your online privacy. Adware, for example, can be used to spy on your online activity to help third parties learn more about your interests and preferences and target you with online ads.

One of the best ways to block spyware is by installing a reliable antivirus application to help you identify and remove malicious software. A reliable antivirus software application to help detect, identify, and remove malware and viruses that could pose a threat to your online security. A paid subscription has multiple layers of protection versus a free antivirus.

Identity Protection

Another type of fraudulent activity to look out for is identity theft. Each time identity theft occurs, dealing with the repercussions can be challenging and may even have an impact on your finances, credit rating, and future ability to obtain loans, credit cards, or mortgages.

Protecting your personal information with care is one approach to keeping your identity safe online. Never provide anyone your Social Security Number via email unless it is absolutely necessary, and you have verified the sender’s identity.

Investing in identity security services that monitors the dark web and notifies you of any suspicious activity that might point to identity theft is a good idea.

Consider getting a credit freeze which locks on your credit report and prevent unauthorized counseling, opened in your name.

Here are some examples of identity theft:

1.    Forging an Identity

The most frequent form of identity theft is when a thief takes a victim’s Social Security number and uses it to create a new false identity.

2.    Creating New Accounts Using Someone Else’s Credentials

When a scammer successfully obtains financial data and personally identifiable information from a user, they can open new accounts such as utility accounts, credit cards, and more using the victim’s good credit rating.

3.    Taking Over Someone Else’s Account

Account takeover occurs when a fraudster takes the victim’s account login information and adds themselves as authorized parties, giving them access to the victim’s banking facilities.

Fortunately, this type of fraudulent activity is steadily decreasing due to the widespread use of EMV chip readers.

4.    Medical Identity Theft

Medical identity theft occurs when fraudsters pose as patients to access certain prescribed drugs and have their medical care covered by the victim.

5.    Corporate Identity Theft

Corporate identity fraud occurs when a criminal tries to issue new lines of credit in the name of a company, sends clients fake bills, and then takes the payments themselves. This type of identity theft is most common in small businesses.

A cybercriminal may still manage to obtain your personally identifiable information even when you follow all the rules.

When a security breach occurs at an establishment with your personal information, you’ll need to find another way to keep your information and banking accounts safe.

Protect Yourself

Considering how many ways there are to target users online, it should come as no surprise that many are uneasy about their safety when surfing the net. Fortunately, you can safeguard your devices, protect your identity, and keep your browsing history away from prying eyes by installing reliable antivirus software.

Keep up with the latest developments, and if a corporation that stores your information is the target of a cyberattack, take swift action to protect your identity and safeguard your account.