Since its launch, the peer-to-peer payment application Zelle has become immensely popular. In 2023, Zelle processed over 2.9 billion transactions worth $806 billion, with over 120 million active user accounts. The total number of transactions and monetary value are both up 28% year over year.
It’s a staggering success, but with increased attention from consumers comes increased attention from fraudsters. Zelle fraud is proving to threaten consumers and brand integrity severely. There are numerous ways to use Zelle to trick a target, and the immediacy of payment makes it a fast, irreversible mechanism in a scam. According to Forbes, 8% of all banking customers say they’ve been the victim of peer-to-peer payment scams in the last 12 months.
What Is Zelle? How Does It Work?
Zelle is owned and operated by Early Warning Systems, owned by a collection of large US financial institutions, including Bank of America, Capital One, JPMorgan Chase, PNC Bank, Truist, U.S. Bank, and Wells Fargo. The peer-to-peer payment solution allows any individual or party to instantly transfer money from their bank account to another individual or party without fees. All they need is a bank account and email address.
Zelle has become extremely popular because it simplifies digital funds exchanges between friends, coworkers, and businesses. In an age where cash transactions are less common, Zelle is an attractive digital alternative that allows you to use your bank account like a wallet.
A second factor in its success is that it is widely available. Today, Zelle is integrated into over 2,000 banking apps and functions within and between US-based banks. Often, consumers use Zelle technology without even knowing it.
Fraud
Common Types of Zelle Fraud
Zelle offers effortless technology that is usable in numerous scenarios. However, the flexibility of its use creates opportunities to use it as a tool for fraud. Here’s a short list of some of the most common Zelle fraud techniques.
The most common attack strategy is impersonating a financial institution and targeting its customers with phishing messages. The customer receives an SMS text message explaining an error with their account or transaction. Typically, these imposter scams will include links or lead to phone calls where fraudsters can continue their scams.
Fraudsters will also attempt to steal an individual’s login credentials. If successful, they can take over the Zelle account and send money to another account. Account takeover attacks can be financially devastating.
Payment or refund scams persuade individuals that their Zelle account has an error and instruct them to “send another payment to themselves” to correct the mistake. The fraudster creates a second “spoofed” account that impersonates the target’s original account. When the transaction is complete, the target gives their money directly to the fraudster.
Facebook Marketplace is an online bazaar where shoppers can buy and sell personal items. On this platform, Zelle fraud can target both buyer and seller accounts. Buyers commit fraud by using Zelle to facilitate payment for an item, explaining they can’t meet or pay in person. After the payment, they submit confirmation of a fake payment with Zelle. In another scenario, a seller posts a phony product for sale on the marketplace and demands upfront payment through Zelle before sending the item or meeting. Once payment is received, the fraudster removes the listing and severs contact with the buyer.
Prize scams are common on the internet. In these scams, a target is informed that they have won the lottery or a valuable prize. To claim their winnings, they are told to submit a Zelle payment to cover associated fees.
Fraudsters typically find their targets on dating sites and social media, communicating and building rapport with them in preparation for a romance scam. Once the relationship is established, the fraudster pretends to have a crisis that requires immediate financial support and requests a Zelle payment for the money transfer.
Fraudsters notify their targets of a “too-good-to-be-true “ investment opportunity that they must act on immediately to secure their position. Payment can be made conveniently through the Zelle app.
These scams typically occur in two ways. In the first, a fraudster deceives the target into applying for a fake job opportunity. In the second, the fraudster impersonates a company the target has already used. Typically, the target is asked to pay for training materials or other fees during the interview process.
Charity scams capitalize on a target’s empathy. After a disaster or crisis, fraudsters send phishing messages to promote a fake charitable organization, raising money to benefit victims. They will promote false narratives and use emotional appeals to convince their target to send money through Zelle.
Similar to brand impersonation attacks, a fraudster assumes the persona of a trusted friend or family member and asks for a Zelle payment. This is another form of imposter scam.
RECOMMENDATIONS
Zelle Fraud Protection for Yourself and Your Brand
Zelle fraud is an attractive strategy for threat actors because Zelle does not offer purchase protection, refunds, or reversals. Zelle’s terms of service indicate that once a user submits a transaction, it is technically authorized, and the transaction is final. Congress has pressure to reform this standard, but there is no regulatory requirement at this time (December 2024). Contact your financial institution to ask how they would handle Zelle fraud should you be the target.
In the meantime, individuals and businesses must learn the indicators of phishing schemes, be diligent in watching for those scams, and behave to avoid them or limit their impact.
As an individual, here are three strategies to utilize with any suspicious email, text, or direct message you receive:
- Verify identities: Confirm through a different channel that the sender’s identity is legitimate. For example, if a coworker sends a message through email, try messaging them through Slack to confirm.
- Verify claims: Phishing messages often describe a crisis that must be addressed immediately, creating pressure on the target to act without thinking. Before taking action, always verify that the claims in the message are factual.
- Do not share sensitive information: As a general rule in both your personal and business life, do not share sensitive personal or financial information unless you first verify the identities of the other party and the legitimacy of the situation or request.
For businesses, it is vital to know that Zelle publishes the logo and company name of all who integrate Zelle into their application. This makes it easier for fraudsters to find new opportunities for brand impersonation. Once a logo goes on the Zelle site, fraudsters will take notice. Businesses need to take action before customers become victims of a Zelle scam.
Related Articles
-
Credit Union in U.S. South Supercharges Takedown CampaignsDo-It-Yourself Takedown Struggles A credit union based in the southern United States supports...
-
Fraudsters Steer Clear of Federal Credit UnionSleepless Nights and Overburdened IT Teams A federal credit union managing $3.06 billion...
-
Credit Union Reduces Security Threat from ZelleIntegrating Zelle without Putting Members at Risk Financial institutions must contend with a...
-
Damn Filters Recovers from Poisoned Search Engine ResultsPoisoned Search Engine Results Damn Filters, a leading company in Kansas, sells online...
-
Regional Bank Protects their Brand and CustomersEliminating the Precursor to Phishing and Fraud A regional bank managing $30 billion...
-
Service Credit Union Reduces Online FraudFake Sites, Frustrated Members, and Online Fraud Service Credit Union is an award-winning...