New Scam Impersonates Zelle®

Popular brands are prime targets for spoofing, and Zelle^®1 is no exception. Cybercriminals are targeting users of the popular payment app with convincing phishing emails with realistic images and formatting. Given that consumers and businessess sent over 2.3 billion payments using Zelle^® in 2022, hackers have a rich field of potential victims.

One new Zelle^® phishing email leans on social engineering and brand impersonation. The highly realistic-looking phishing email lures the recipient with the promise of money paid to them.

Clicking the link takes the user to a lookalike site and login page that will capture their Zelle^® credentials. The scammer can then log in and steal funds.

The Phish

In this snapshot of the email, the biggest red flag is the sending domain of contact@exgloimportexport.com. Additionally, if users were to hover over the “click here” hyperlink and “Get Paid” button, they would see a shortened link, which makes it difficult to know where it will actually take them. 

Help Protect Your Payments 

The convenience and efficiency of payment apps like Zelle^® make it easy to send money. The speed at which Zelle^® operates also means you can’t cancel a payment once it has been sent, so it’s extra important to protect your login credentials.

Remember these tips:

• Don’t click on any links or attachments in payment emails. If you think there’s a payment waiting for you, log in directly to the application.
• Never share your password or one-time passcode with anyone.
• If you don’t know the person or aren’t sure you will get what you paid for, don’t use Zelle^®. Neither Zelle^® nor National Bank of Arizona offer a protection program for any authorized payments made with Zelle^®.      
• If you receive a suspicious email in your personal account, delete it. 

Banks are on the front lines when it comes to thwarting scammers, so if you have any questions about phishing attempts or financial scams, contact your local National Bank of Arizona branch.

1. U.S. checking or savings account required to use Zelle^® Transactions between enrolled users typically occur in minutes. See your Zelle^® Payment Service Agreement for more details. Standard text and data rates from your mobile phone carrier may apply. Available services are subject to change without notice. Zelle^® is intended for sending money to family, friends, and people you know and trust. It is recommended that you do not use Zelle^® to send money to people you don't know. Neither Zions Bancorporation, N.A. nor Zelle^® offer a protection program for any authorized purchase made with Zelle^®.

In order to send payment requests or split payment requests to a U.S. mobile number, the mobile number must already be enrolled in Zelle^®.

Zelle^® and Zelle^® related marks are wholly owned by Early Warning Services, LLC. and are used herein under license.