Beware Of This Zelle Fraud Scam That Aims To Steal Your Bank Credentials

ransomware revil
As ransomware and cybercrime are constantly making the headlines these days in traditional electronic mediums, Zelle banking users are also finding themselves being targeted by scammers. Worse yet, in the wake of having funds stolen from bank accounts, victims are finding little to no help from their banking institutions in recovering the stolen cash.

People being scammed out of money via their Zelle account is not something new. It has been going on for several years. Cybercriminals have employed a multitude of tactics in swindling unsuspecting account owners out of large amounts of money. As those who are victimized reach out to their financial institutions in hopes of receiving help, they are being met with little support as banks refuse to lend a hand. This has left many in dire straits as they try and figure out how to recoup their hard earned money, and for some it has meant complete financial ruin.

The most recent of these ploys includes a text message sent to the person's phone that appears to come from their bank. The text indicates that someone attempted to take a large sum of money out of their banking account and deposit it into their Zelle account, which some do not even recall ever having. The message gives the option to reply "Yes", "No", or "1" to decline. Regardless of the option chosen, the recipients are then immediately called by someone claiming to be a bank representative. The incoming phone number is often spoofed as well, so that it appears to be coming from the person's bank. 

In order to "verify the identity" of the person they are calling, the caller will ask the customer for their online banking username. And then things get messy quick. As the customer gives the caller their username information, the criminal is using it to input into the bank's website. What the caller is actually doing is initiating some sort of transaction on the website in order to generate a "passcode". This is often done using the "forgot password" feature. Typically at this point the customer will receive either an email or another text, which is actually from the bank, with a one time passcode. The customer is then asked to read back that passcode to the caller. At this point the caller uses the code to reset the user's password, giving the scammer control over the entire online account.

fraud alert

Once the scammer has control of the bank account they then proceed to make various deposits to other accounts and empty out all the funds of the customer. Once the victim realizes what has actually happened, most people immediately reach out to their bank. Unfortunately, most people caught in this direct contact sort of phishing scheme then quickly find out that many banks are not willing to assist them in any way in recovering the stolen funds. The banks take the stance that the consumer initiated the transaction, and therefore does not fall under the Regulation E "unauthorized transaction" protection. The argument that the transaction was manipulated by another person in an attempt to steal their money and therefore not a lawful transaction, has sadly fallen on deaf ears so far for most.

To be clear, other methods of scammers do clearly fall under Regulation E protection. If someone else other than the bank account owner initiates the transaction, even if they manipulate the customer into sharing login credentials, the fraud is covered. But if a consumer initiates the transaction, even under false pretenses, the argument is not as strong and may be deemed not to be covered.

For anyone who has been taken for money by scammers like this and met resistance from their banks in recovering the funds, there is an opportunity to make your voice heard. The Consumer Financial Protection Bureau (CFPB) has taken aim at investigating tech-driven payment tools. In a recent statement it said, "Consumers expect certain assurances when dealing with companies that move their money. They expect to be protected from fraud and payments made in error, for their data and privacy to be protected and not shared without their consent, to have responsive customer service, and to be treated equally under relevant law."

The CFPB is collecting complaints from those who feel they have not been adequately helped by they financial institutions when it comes to fraud. If you feel you fall into this group of people, you can send an email to: You need to include "Docket No. CFPB-2021-0017 in the subject line of the message. You do need to hurry up though, because the deadline to submit your complaint is December 6, 2021.