Zelle is one of the most famous platforms to quickly send money to loved ones, friends, and family. However, now cybercriminals are taking advantage of it to get people’s account information.

Using clever tactics to fool clients, fraudsters are now taking advantage of the existence of Zelle to get customers to give them their account information. Once the person does, they quickly proceed to transfer the funds through this person-to-person platform.

Stories of people being scammed and losing money have alarmed some Zelle users, which is why clients must be careful with any suspicious message they get. This is especially the case if they’re supposed to respond with sensitive information like their account username or a one-time passcode. Here’s all about the ‘Zelle Fraud’ scam and how people can avoid it:

How it Works

Users first receive a text message that says someone else tried to transfer money to them using Zelle. People are supposed to answer ‘yes’ or ‘no,’ but regardless of what they answer, if they reply, they will soon receive a call from the scammer.

Overall, scammers want to talk to the person until they get the information they want. Therefore, they will use intelligent strategies to ask the client for their data, and once they get it, they will perform quick transactions in a matter of seconds. This can be a financial catastrophe for the person.

The number of the caller is spoofed, so people might think it’s the bank calling them. Once they pick up the phone, the fraudster will ask numerous questions to ‘verify the identity’ of the person, and this is how they get their banking information.

Fraudsters usually ask questions such as the following:

• “I need to make sure I’m speaking to the right person. Can you tell me your username?”
• “I need to ask a few questions to verify your identity. Can I have your username?”
• “Please, tell me your username, so I can verify your identity.”

Once the client gives the fraudster their username, the scammer will try to get the password by using the ‘forgot my password’ feature or even get you to cough it up. After that, they will typically tell them something along the lines of ‘I’ll send you the passcode and I want you to read it back to me.’

To complete the password reset process, the fraudster uses the code. After changing the client’s banking password, they use Zelle to transfer the funds to other accounts.

An essential part of understanding how the Zelle Fraud works is realizing that fraudsters don’t need the person’s bank account password at first. If they have their username and get the person to read them the one-time code they got via email, the scammers are able to quickly change their password and transfer money to different accounts using Zelle.

Furthermore, in many cases, victims of these fraudulent actions didn’t know what Zelle was and had no idea that it was a platform to move money.

Numerous banks and credit unions offer Zelle as a default part of their online banking services. Clients don’t necessarily need to request it – it’s just there, and people unknowingly fall for these scams without understanding what’s going on.

Fraud losses can escalate quickly in a matter of days, due to the number of clients that can become victims in very little time.

What Zelle Is Doing

To combat these issues, Zelle has introduced a way to authenticate transactions using their details. The person must send a text containing the payee and dollar amount of the Zelle transfer, and the member must reply to the text to authorize the transfer.

Nonetheless, fraudsters have found a way around these security measures as well. Otsuka said that scammers might stay on the phone with the person until they get both their username and a two-step authentication passcode to be able to log into their accounts.

After that, the fraudster tells the clients that they’ll receive a Zelle transfer details through text and that they must reply to authorize the transaction. If the client asks about the purpose of this, they will tell them that it will reverse the fraudulent movement of their funds.

Clients will call customer support, explain what happened, and try to get credit-card protection. However, they often face disappointment, and in the worst cases, financial ruin. In many cases, banks representatives have stated that the banks are not required to reimburse the customer for these phishing schemes.

Bank clients must be aware of the fact that they’re entitled to Regulation E protection, and banks must refund the stolen money.

How to Handle This

Bank clients must know that they have Regulation E protection. Therefore, even if they were manipulated into giving out their login details, the bank “should” give back the stolen funds.  Clients expect a sense of security and protection when they put their assets in a specific company. Thus, the bank must fulfill their expectations.

When a client signs up with a financial company, their data and privacy must be secure (and no one should have access to them without their consent). At the same time, the bank must protect them from fraud, errors in payments, provide them with trustworthy customer service whenever they need it, and representatives should treat them equally and respect their rights. But as we know, this is not always the case, and often when the client is victimized, because of their own error, the banks turn their head the other way.

Lastly, people should never forget the ‘Hang Up, Look Up, Call Back,’ motto. If someone suspects that they’re receiving a possibly fraudulent call, they should kindly tell the caller that they’ll hang it up.

Since most fraudsters claim they’re from a company the person knows, the client must look at the company phone numbers and see if they’re receiving calls from them. Then, customers should actually phone the company and ask if they have been calling.

Even though this is not a way to absolutely prevent scams from happening, it’s an effective strategy to avoid them. Fraudsters rely on people’s innocence to provide sensitive information when reputable companies ask for it, which is why customers must try to avoid giving it away so easily unless they’re sure that it’s the company they hired.

Robert is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon.com author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com. Robert has been featured on CNN, Fox News, CNBC, MSNBC, ABC World News Tonight, NBC Nightline, CBS Early Show, Today Show, Good Morning America and in the NY Times, Wall Street Journal, Time Magazine, Fortune, Forbes, Entrepreneur and many more.