Fraudsters Change Tactics in Person-to-Person (P2P) Fraud Scam
March 21, 2022
Person-to-Person (P2P) or Zelle fraud is widespread and has been making national and local news in recent months. As the fraudsters pivot to new tactics, the social engineering used by them is also evolving.
In the newer version of the scam, fraudsters, impersonating a Zelle user's financial institution, con the user into using Zelle to transfer funds to themselves using their mobile phone number under the guise that it will replace funds stolen from their account. However, the Zelle transfers go to the fraudsters instead.
Here is how it works:
Fraudsters send text alerts to users--appearing to come from their financial institution--asking the users if they attempted a large dollar Zelle transfer.
Fraudsters immediately call the users who respond 'NO' by spoofing the financial institution's phone number and claim to be from the fraud department.
Fraudsters tell the users the Zelle transfers went through, but the funds can be recovered.
Fraudsters tell the users in order to recover the stolen funds they must use Zelle to transfer the funds to themselves using the users' mobile phone number, but before doing so, the fraudsters instruct the users to disable their mobile phone number associated with their Zelle account.
When the fraudster links the user's mobile phone number to the fraudster's Zelle account, a 2-factor authentication passcode is generated and sent to validate the mobile phone number. The text message containing the passcode is actually sent to the user's mobile phone; however, the fraudster cons the user into providing the passcode over the phone.
The fraudster enters the passcode to activate the mobile phone number on their Zelle account.
Users are instructed to Zelle themselves the funds.
The Zelle transfers actually go to the fraudsters.
Hundreds of complaints have flooded the Consumer Financial Protection Bureau, Zelle and financial institutions, but because the transfers are initiated by the user, it is very difficult to recover the funds.
We encourage our members to utilize caution with person-to-person payment channels like Zelle, Venmo, and CashApp as these funds are typically not recoverable if sent to the wrong person or you are a victim of fraud.
If you believe you have been a victim, we encourage you to communicate with the police, the credit union and the Consumer Financial Protection Bureau. If something doesn't feel quite right, it typically isn't. Stop and contact someone you trust.