Zelle Phishing Scams: Protect Your Credit Union and Members


We’ve recently uncovered a concerning trend in the realm of online security: a sophisticated phishing kit designed to exploit credit union members through Zelle transactions. Zelle, a widely trusted platform, has become the latest target for cybercriminals aiming to steal sensitive personal information. Rather than replicating a credit union’s website to trick users into divulging login credentials, this scam presents itself as a notification about a pending Zelle payment. Users are directed to a fake Zelle site hosted on platforms like Cloudflare pages[.]dev. Upon clicking, they encounter a message prompting them to select their financial institution to receive the payment.

The opening screen on the fake Zelle website tells the user they have money waiting for them and to select a financial institution.

Clicking the Start Search button will take you to a form to start a search for your financial institution.

Our investigation identified at least 941 financial institutions, with 495 being credit unions, listed within this phishing kit. We expect this number to grow over time. Once a user selects their credit union, they’re assured that Zelle services are available and encouraged to proceed. The scam further deceives victims by customizing panels with the credit union’s branding, enhancing its credibility.

Continuing through the process, users are led to a page mimicking their credit union’s online banking login. Unlike legitimate platforms, this page requests unique identifiers such as membership numbers rather than email addresses. Subsequent stages of the scam involve soliciting additional personal information, including email addresses, passwords, and, eventually, credit/debit card details.

This pane does not accept email addresses as the username and looks for something that is more akin to a membership number, even ensuring enough digits are entered.

Once you have gone this far, it requests more information, including your email address and password, as part of its security check. Hopefully, the request for the email account password will be a red flag for many members who get this far to go no further and report their online banking as potentially compromised.

If the member does complete the email security check, they will be led to one more verification step, where they are asked to verify the account with their credit/debit card.

If users fall prey to these tactics and provide the requested information, bad actors gain access to sensitive data, enabling them to perpetrate further fraud. This could range from issuing new cards to seizing control of online accounts, effectively locking out legitimate members.

To combat this threat, it’s crucial to educate credit union members about these scams and advise them not to engage with suspicious requests. Remind members that Zelle setup should be conducted through their credit union’s official channels, and any unusual requests should raise immediate red flags. In addition to educating members, consider implementing a comprehensive marketing campaign to raise awareness about various scams targeting credit union members. Utilize email communications, statement inserts, and website notifications to keep members informed and vigilant against such threats. By staying informed and proactive, we can collectively mitigate the risks posed by phishing scams and protect the integrity of our credit unions and members’ financial well-being.
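The lure described above (a pending-payment notice linking to a fake Zelle site on pages[.]dev) can also be screened for in reported or inbound mail. The following Python example is added here and is not part of the original investigation or the kit; the allowlist (zellepay.com plus the placeholder examplecu.org standing in for your own domain), the verdict labels, and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions: hosts a genuine Zelle notice may link to. zellepay.com is
# Zelle's own site; examplecu.org is a placeholder for your credit union.
ALLOWED = ("zellepay.com", "examplecu.org")
# Free-hosting suffix named in the article (written there as pages[.]dev).
FREE_HOSTING = ("pages.dev",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def refang(text):
    """Undo common defanging so reported samples parse like live links."""
    text = re.sub(r"\[\.\]|\(\.\)", ".", text)
    return re.sub(r"\bhxxp", "http", text, flags=re.IGNORECASE)


def under(host, suffixes):
    """True if host is one of the suffixes or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def triage(message):
    """Return (url, verdict) pairs for a Zelle-themed message, else []."""
    text = refang(message)
    if not re.search(r"\bzelle\b", text, re.IGNORECASE):
        return []
    findings = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;)")
        try:
            # .hostname drops any "user@" prefix and lowercases the host.
            host = (urlsplit(url).hostname or "").rstrip(".")
        except ValueError:
            host = ""
        if under(host, ALLOWED):
            continue
        verdict = "free-hosting" if under(host, FREE_HOSTING) else "unrecognized-host"
        findings.append((url, verdict))
    return findings


if __name__ == "__main__":
    # Constructed sample messages, not taken from the kit.
    samples = [
        "Pending Zelle payment, claim it: hxxps://claim.constructed-sample.pages[.]dev/start",
        "Zelle notice: https://www.zellepay.com@constructed-sample.pages.dev/claim",
        "Zelle is in online banking: https://www.examplecu.org/zelle.",
    ]
    for s in samples:
        print(triage(s))
```

Matching on whole domain labels means a host such as `zellepay.com.constructed-sample.pages.dev` is still flagged, because it ends in the hosting suffix rather than the allowed domain.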