Safe Banking Practices

Keeping You Informed!

The ‘Zelle scam’ is spreading quickly across the U.S.

Unsuspecting consumers are giving criminals access to their bank accounts

Mark Huffman
Consumer Affairs

A new scam has gained momentum with the start of 2022, stealing thousands of dollars from
unsuspecting bank customers.

Scammers are using Zelle, the peer-to-peer payment system offered to consumers through
their financial institution. Zelle works like Venmo and other payment systems, allowing users
to send money from their bank accounts to friends and family.

Unfortunately, security experts say criminals are using Zelle to drain victims’ bank accounts.
Like many scams, this one is based on the claim that the scammer is trying to protect the
victim from fraud.

The target receives a text that appears to be from their bank asking if they attempted a Zelle
transaction. Regardless of how they answer, the target next receives a phone call from the
scammer, who spoofs the number so it shows up as coming from the target’s bank.

The victim will then receive a set of instructions that ultimately winds up compromising their
bank account information. The scammers use the information to withdraw funds and make off
with their ill-gotten gains.

The difference between fraud and scams

One victim of the scam told KGO-TV in San Francisco that she followed a scammer’s
instructions to transfer the money in her Zelle account to her bank account. However, she
was first asked to change some of her account information.

While it appeared the money was transferred into her account, the scammers were waiting to
drain her account. She said she only had $6 left in her account by the end of the ordeal.

Zelle draws sharp distinctions between fraudulent activity and scams. If the victim did not
authorize a transaction, then the theft is fraud and the victim can usually be reimbursed. It’s a
different story if the victim acts on instructions from a scammer.

“Even if you were tricked or persuaded into authorizing a payment for a good or service
someone said they were going to provide, but they didn’t fulfill it, this would be considered a
scam,” Zelle says on its website. “Because you authorized the payment, you may not be able
to get your money back.”

That makes these types of financial scams extremely dangerous. Zelle users should be
aware that they could become targets as the scam continues to spread. Those who respond
to a fraud text and then get a phone call, allegedly from their bank, should hang up
immediately. They should then call their bank’s customer service line directly and ask if the
fraud alert is real.

Tips and Advice To Help Keep You And Your Information Safe

KEEP A CLEAN MACHINE

  • Keep Security Software Current: Having the latest security software, web browser, and operating system is the best defense against viruses, malware and other online threats.
  • Automate Software Updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
  • Protect All Devices that Connect to the Internet: Along with computers, smartphones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
  • Plug & Scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.

PROTECT YOUR PERSONAL INFORMATION

  • Lock Down Your Login: Fortify your online accounts by enabling the most robust authentication tools available, such as biometrics, security keys, or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking, and social media.
  • Make Your Password A Sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music”). On many sites, you can even use spaces!
  • Unique Account, Unique Password: Having separate passwords for every account helps to thwart cybercriminals.
  • Write It Down And Keep It Safe: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and ensure that your critical accounts have the strongest passwords.

CONNECT WITH CARE

  • When In Doubt Throw It Out: Links in emails, social media posts, and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
  • Get Savvy About Wi-Fi Hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
  • Protect Your $$: When banking and shopping, check to ensure the site is security enabled. Look for web addresses with “https://” or “shttp://,” which means the site takes extra measures to help secure your information. “Http://” is not secure.

BE WEB WISE

  • Stay Current: Keep pace with new ways to stay safe online. Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
  • Think Before You Act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
  • Back It Up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.

BE A GOOD ONLINE CITIZEN

  • Safer For Me, More Secure For All: What you do online has the potential to affect everyone – at home, at work, and around the world. Practicing good online habits benefits the global digital community.
  • Post Online About Others As You Would Have Them Post About You: The Golden Rule applies online as well.
  • Help The Authorities Fight Cyber Crime: Report stolen finances or identities and other cybercrime to the Internet Crime Complaint Center (www.ic3.gov) and to your local law enforcement or state attorney general as appropriate.

OWN YOUR ONLINE PRESENCE

  • Personal Information Is Like Money. Value It. Protect It.: Information about you, such as your purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.
  • Be Aware of What’s Being Shared: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s OK to limit how and with whom you share information.
  • Share With Care: Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it could be perceived now and in the future.

SOCIAL ENGINEERING

Social engineering is the art of manipulating people so that they give up confidential information. The types of information these criminals seek can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or into giving them access to your computer so they can secretly install malicious software that will give them access to your passwords and bank information as well as control over your computer.

Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than to discover ways to hack your software. For example, it is much easier to fool someone into giving you their password than for you to try hacking their password (unless the password is weak).

Security is all about knowing who and what to trust. It is essential to understand when and when not to take a person at their word and when the person you are communicating with is who they say they are. The same is true of online interactions and website usage: when can you trust that the website you are using is legitimate, or that it is safe to provide your information?

Ask any security professional, and they will tell you that the weakest link in the security chain is the human who accepts a person or scenario at face value. It doesn’t matter how many locks and deadbolts are on your doors and windows, or if you have guard dogs, alarm systems, floodlights, fences with barbed wire, and armed security personnel. If you trust the person at the gate, who says he is the pizza delivery guy, and you let him in without first checking to see if he is legitimate, you are exposing yourself to whatever risk he represents.

Below are Social Engineering Red Flags To Help Keep You Aware:

[Image: social engineering red flags]

Identity Theft Protection

We recommend that you remain vigilant for fraud or identity theft incidents by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll-free at 1-877-322-8228.

Important Links:

If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, immediately contact the Federal Trade Commission or the Attorney General’s Office. Additional information from the FTC about steps you can take to avoid identity theft, as well as information about fraud alerts and security freezes, can be obtained by calling, toll free, 1-877-IDTHEFT (438-4338) or visiting www.ftc.gov/idtheft. You should also contact your local law enforcement authorities and file a police report. We recommend obtaining a copy of the police report if asked to provide documents to creditors to correct your records.

Helpful Resources

Better Business Bureau®

Department of Homeland Security

Stay Safe Online