Popular brands are prime targets for spoofing, and Zelle®1 is no exception. Cybercriminals are targeting users of the popular payment app with convincing phishing emails with realistic images and formatting. Given that consumers and businessess sent over 2.3 billion payments using Zelle® in 2022, hackers have a rich field of potential victims.
One new Zelle® phishing email leans on social engineering and brand impersonation. The highly realistic-looking phishing email lures the recipient with the promise of money paid to them.
Clicking the link takes the user to a lookalike site and login page that will capture their Zelle® credentials. The scammer can then log in and steal funds.
The Phish
In this snapshot of the email, the biggest red flag is the sending domain of contact@exgloimportexport.com. Additionally, if users were to hover over the “click here” hyperlink and “Get Paid” button, they would see a shortened link, which makes it difficult to know where it will actually take them.