A new impersonation scam targets users of the popular pay platform under the guise of the victim having money coming to them and with the goal to obtain Zelle credentials.
The goal of impersonating is as much to establish credibility as it is to leverage a brand with a large customer base to target. With over 67 million users, Zelle is a perfect brand to use if you’re a scammer looking to take victims for credentials that give you access to money and contacts (who you can further scam).
According to security researchers at security vendor Avanan, a new Zelle-themed scam includes an email with great presentation and a short URL that takes victims to a lookalike site:
The goal of these attacks, according to Avanan, is to establish credibility and rush the victim to forgo security checks, falling victim to the many possible scams this initial phishing email can lead to.
This serves as a reminder that all it takes is the right brand used in a phishing attack against a user utilizing that brand to make that person a victim. Whether it’s consumer-focused attacks – like the Zelle attacks – or ones impersonating business brands (e.g., Microsoft, UPS, banks, etc.), everyone needs to be aware of the possibility of such attacks and how to spot them quickly. Corporate users can undergo continual security awareness training to teach them how to spot an impersonation attack and keep from becoming its’ next victim.