This is NOT Fraud Advice--Zelle

Hola everyone -

It has been an exciting summer in the world of Fintech. I feel bad for Jason Mikula and Alex Johnson, who haven't slept in months as they cover the news.

But we are back to walk through a hot topic in the world of fraud: Zelle Scams.

This summer, executives from JPM, BofA, and Wells Fargo (the largest Zelle owners) will testify before a Senate Committee. The Committee is investigating the rise in Zelle fraud. In 2022, customers of these three banks submitted claims of $456 million lost to scams on Zelle. Often, banks push the loss to customers who unknowingly authorized these transactions.

Today, let's learn how we can make some money using Zelle.

Most Zelle fraud stems from one of two categories: (1) phishing or (2) fake goods or services. Let's focus on my favorite, the "Pay Yourself" scam.

The first thing we will do is spin up a business and open an automated texting account. Ideally, we will use a fake identity when setting this up. Let's go to the dark web and buy a couple of sets of PII from the recent Evolve Breach.

Once we have the text message account set up, let's go back to the dark web and buy a list of 10,000 cell phone numbers. Now, we have a bunch of targets and a way to send them all a text message from a number that looks like a corporate account.

We will be impersonating JPMC because they service 80 million consumers, so our odds are high that some of the numbers on our list are customers.

Let’s craft a text message:

Chase: {{full_name}}, we have suspended your account due to suspicious activity.
Your Zelle account was used to authorize a $524.00 payment to Chris Johnson. Was this you? If you do not recognize this transaction, reply N. Reply HELP for more information. Please note: JP Morgan Chase will never ask for your bank account details via SMS.


Let's fire that off to our list of 10,000 cell phone numbers and wait for the replies to stream in. We will program the text service so that when someone replies "N," they will receive this text.

Chase: Thank you. One of our representatives will contact you shortly to block the transaction and re-authorize your account. Please note: JP Morgan Chase will never ask for your bank account details via SMS.

Now, we review the responses and give these concerned citizens a ring. We can follow this script:

You: Hi - is this {{full_name}}?

Them: blah blah blah

You: Well, I am glad we caught this. Since Zelle is an instant transfer, we must move quickly to ensure your money is recovered. The first thing we are going to do is reverify your account.

Now, you sign into a Zelle account with the person's phone number.

You: You are about to receive a one-time code from Zelle to verify your identity. Let me know when you have received.

Them: Got it, it is 1234.

You: Great, thank you.

Now you are in their Zelle account. You need to register a bank account you control as the recipient account.

You: What we are going to do is send the $524.00 to your own Zelle account to wipe the transaction.

This is the harder part of the scam. It is not apparent how sending money to yourself would help protect against fraud. But the good news is that most people don't know much about fraud. Like any hard-hitting sales process, the key is to emphasize urgency and make them think you are on their side.

Them: I am not sure about this.

You: I totally understand, but with the new real-time payments we have launched at Chase, you are at risk of losing this money within an hour. We need to net out the charge to satisfy our internal systems and make sure your account is not debited.

Continue using banking words like "debited" to build trust and create confusion.

It may not always work, but eventually, you will have someone who goes ahead. You tell them to enter their phone number as the recipient and send the money. The money lands in your account since you have swapped your bank account into their Zelle recipient account.

You: Great, I just saw that it went through. I'm really glad we were able to catch this. I will transfer you to a customer success manager who will walk you through steps you can take to protect your account in the future.

Then bang, drop the call, unlink your accounts and go get a nice steak dinner with your new $524.

Passkeys are an excellent way to prevent phishing scams, especially when linked to a verified identity. But in the meantime, the best way to protect yourself is to know what to look for.
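Seen from the bank's side, the "Pay Yourself" flow leaves a recognizable trace: a phone number is re-linked to a different deposit account, and shortly afterwards the displaced account pays that same phone number. The following Python detection rule is an added example, not part of the original post; the event field names, the 24-hour window and the log entries are constructed assumptions, not a real Zelle or bank schema.

```python
from datetime import datetime, timedelta

RELINK_WINDOW = timedelta(hours=24)  # assumed tuning value

# Constructed sample events; field names are hypothetical.
EVENTS = [
    # Phone number re-linked away from the customer's account...
    {"ts": "2024-07-01T14:02:00", "type": "token_relinked", "token": "+15550100",
     "old_account": "ACCT-VICTIM", "new_account": "ACCT-X"},
    # ...then the displaced account "pays itself" minutes later.
    {"ts": "2024-07-01T14:09:00", "type": "payment", "sender_account": "ACCT-VICTIM",
     "sender_phone": "+15550100", "recipient_token": "+15550100", "amount": 524.00},
    # Ordinary payment to someone else: ignored.
    {"ts": "2024-07-01T15:00:00", "type": "payment", "sender_account": "ACCT-A",
     "sender_phone": "+15550111", "recipient_token": "+15550122", "amount": 40.00},
    # Re-link a month before a self-payment: outside the window, not flagged.
    {"ts": "2024-06-01T09:00:00", "type": "token_relinked", "token": "+15550133",
     "old_account": "ACCT-B", "new_account": "ACCT-B2"},
    {"ts": "2024-07-01T16:00:00", "type": "payment", "sender_account": "ACCT-B",
     "sender_phone": "+15550133", "recipient_token": "+15550133", "amount": 75.00},
]


def detect_pay_yourself(events, window=RELINK_WINDOW):
    """Flag payments to the sender's own phone number made soon after that
    number was re-linked away from the sender's account."""
    last_relink = {}  # token -> (time of re-link, account that was displaced)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "token_relinked":
            last_relink[ev["token"]] = (ts, ev["old_account"])
        elif ev["type"] == "payment":
            token = ev["recipient_token"]
            if token != ev["sender_phone"] or token not in last_relink:
                continue  # not a self-payment, or no re-link on record
            relinked_at, displaced = last_relink[token]
            if displaced == ev["sender_account"] and ts - relinked_at <= window:
                alerts.append({
                    "token": token,
                    "amount": ev["amount"],
                    "minutes_since_relink": int((ts - relinked_at).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_pay_yourself(EVENTS):
        print("HOLD FOR REVIEW:", alert)
```

A rule like this is most useful as a hold-and-confirm trigger before the transfer settles, since the payment itself is authorized by the real customer.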

Thank you for highlighting such an important issue. As we continue to innovate in the digital finance space, what do you consider the most effective measures for preventing these types of scams?

They can help you find the right solution for your financial needs.

Debra 'Deb' C.

Dynamic and motivated project manager with a proven record of generating and building relationships, managing projects from concept to completion, designing educational strategies, and coaching individuals to succeed.

4 months

Be very careful with Zelle pay. They have no fraud protection; they allow thieves, scammers, and criminals to use their site to launder their money with the funds that they steal and embezzle from you. Use PayPal. PayPal has fraud protection, unlike Zelle, who will tell you too bad you lost your money, but we will give it to the criminals, even though you saved us time with the investigation and you know the person’s name and phone number that they opened a Zelle account with. We know where your money is, but it’s too bad. Zelle pay is a rip off.

Jake Liefer

Cybersecurity Advisor @ Google + Impact Investor

4 months

A few months ago, my wife received a scam call claiming to be the utility company threatening to shut off our electricity unless we made an immediate payment. Recognizing it as a scam, I took over the conversation to understand their tactics and waste their time. They directed me to make a payment via Zelle, using my bank account. I got the number they gave me and called them out for the scam. I reported the recipient's number to Zelle, but I'm unsure if any action was taken. This scam was surprisingly convincing and could easily fool those who aren't tech-savvy or are vulnerable to high-pressure demands.
