The Zelle / P2P fraud scam is widespread and has been making local and national news as the social engineering tactics used by fraudsters in this scam continue to evolve. A newer version of the scam has fraudsters, impersonating a Zelle user’s financial institution, conning the user into using Zelle to transfer funds to themselves using their mobile phone number under the guise that it will replace funds stolen from their account. However, the Zelle transfers go to the fraudsters.
The Zelle / P2P fraud scam continues to result in large fraud losses for credit unions. Fraudsters continue to target members of credit unions; however, they’ve adapted to a newer version of the scam that has made headlines across the country.
Here’s How It Works:
• Fraudsters send text alerts to users – appearing to come from their financial institution – asking the users if they attempted a large dollar Zelle transfer.
• Fraudsters immediately call the users who respond ‘NO’ by spoofing the FI’s phone number and claim to be from the FI’s fraud department.
• Fraudsters tell the users the Zelle transfers went through, but the funds can be recovered.
Fraudsters tell the users in order to recover the stolen funds they must use Zelle to transfer the funds to themselves using the users’ mobile phone number, but before doing so, the fraudsters instruct the users to disable their mobile phone number associated with their Zelle account.
Note: Fraudsters may have previously opened an account at the user’s FI (likely using a stolen identity) and establishes Zelle through the online or mobile banking channel linking the member’s mobile phone number to Zelle.
• When the fraudster links the user’s mobile phone number to the fraudster’s Zelle account, a 2-factor authentication passcode is generated and sent to validate the mobile phone number. The text message containing the passcode is actually sent to the user’s mobile phone; however, the fraudster cons the user into providing the passcode over the phone. (The text containing the passcode has the FI’s name which explains why fraudsters open a fraudulent account at the user’s institution.)
• The fraudster enters the passcode to activate the mobile phone number on their Zelle account.
• Users are instructed to Zelle themselves the funds.
The Zelle transfers actually go to the fraudsters.
Fraud Prevention Tips for Zelle
• Do not provide sensitive information to callers claiming to be from FAST. FAST will never ask for sensitive information such as Online Banking usernames, passwords or 6 digit multi-factor authentication codes when calling.
• A Zelle notification text from FAST will not ask for a Yes/No response.
• If you suspect you have been a victim of fraud , call FAST at 559-584-0922