Scammers are trying everything nowadays. From tricking you with fake links on Instagram to masquerading as the U.S. government, there are few avenues that criminals won’t take to make a quick buck off of unsuspecting citizens. The problem has gotten so bad that even major companies are falling victim to these pervasive schemes.
Now, a new threat is starting to target consumers right where it hurts the most: their bank accounts. Utilizing a service that several banks employ for money transfers, criminals are able to steal thousands of dollars in the blink of an eye. On top of this, many people don’t even know they already have this service installed on their banking apps!
Having your personal data stolen is bad, but being robbed over the internet is another matter altogether. With how long it can take for banks to recover stolen funds, getting hit by this scam can put you in serious financial hot water. Learn how these criminals trick their victims, and what you can do to defend yourself.
Cybercriminals harness banking apps to steal users’ savings
If you haven’t heard of the Zelle app, you’re not alone. But if you use a major American bank like Chase or Bank of America, its service is probably already installed on your device. It’s one of the most widely used payment apps available, and its services are deeply integrated into the apps owned and operated by the biggest banks in the country.
Zelle is a digital payment system that facilitates instant transfers directly from user’s accounts. The platform can be used to send money between accounts, or even for direct peer-to-peer payments.
How are scammers using banking apps for crimes?
Zelle has enjoyed a reputation for safety, with its banking partners standing firmly behind its business model. The platform’s transfer speed and connection with the user’s bank accounts, however, has proven a boon for cybercriminals looking for a big score.
The scam begins, like most do, as a simple phishing scheme. Utilizing publicly available information, scammers will call their target and pretend to be their bank.
Oftentimes, the call will begin as a “fraud alert,” and the “bank” will wish to verify the target’s identity using a text code — just like you would see if you were trying to access your account from an unfamiliar computer.
Related: Email scams have more information on you than ever before
What the scammers are really doing, though, is forwarding their own verification code that allows them to log into your banking app’s account. Once inside, the scammers can easily start a transfer to their own accounts. Because of how fast Zelle works, the theft is usually complete in a matter of moments, giving fraud detection systems little time to act.
According to a report from NBC News, affected users are claiming to have lost hundreds of dollars in the fraud. Some have even lost thousands, with one individual reporting $6,400 dollars in losses thanks to the scammers.
Am I in danger from scammers on bank apps using Zelle?
Thankfully, banks are obligated to reimburse users affected by this kind of fraud — but it can take up to several weeks for the funds to return. For many people who live on a fixed income or have chronic health conditions, this simply isn’t an option they can afford.
As so many banks partner with Zelle, it’s not worth recommending that users discontinue using their bank apps or sending payments through Zelle. What is important to note, however, is that the scam cannot function without users giving cybercriminals access to their accounts.
By every definition, this is a phishing scheme with an element of “social engineering,” so knowing what to expect from the scammers is the strongest way to protect your finances.
If you receive a phone call from an unknown number, do not give the person on the other end any information under any circumstances. Banks do not typically ask for any kind of information over the phone like this — let alone calling your personal number out of the blue.
Related: Revealed! The biggest phishing spoofed companies and busiest phishing days
If you’re concerned that the person on the other end might be telling the truth, simply tell them you will call the bank yourself, hang up, and dial the number on the back of your credit or debit card. There, you can verify with a genuine banker that the information the caller gave you is accurate. Most of the time, it won’t be.
Some other important steps you can take are to enable text or email alerts from your bank. If you dial the phone number on the back of your card, the banker can help you set this up. That way, you’ll be alerted in the event of any deposits, withdrawals, or unusual activity on your account.
You can also ask them to set up two-step verification to further protect your identity from unwanted intrusions. As always with scammers, defense is the greatest offense you can ask for.
We reached out to Zelle for a comment, and the company emphasized that its platform had not been compromised by the scammers in question. According to Zelle, the current threat faced by users is squarely in the realm of social engineering and “account takeovers.” Their official statement is as follows:
“Zelle® is a fast, safe, and easy way to send money to people you trust – right from your mobile banking app. As with all digital payment technologies that provide consumers with greater convenience, there exists the potential for fraud. To protect consumers from fraud, Zelle, and its partnering financial institutions, apply layers of protection, including identity verification, multifactor authentication, send limits and real-time fraud alerts. In cases where a consumer’s bank account or debit card have been compromised, and unauthorized Zelle payments made, consumers have rights under the Electronic Funds Transfer Act. We recommend they contact their bank immediately to determine an appropriate resolution. – Early Warning, the network operator of Zelle”