The wildly popular payment app is a cybercriminals playground where users are easy prey for money laundering, scams, mules, and just plain old fraud.
We live in a world where yet another new popular app pops up and suddenly everyone is using it. So, it must be safe, right? In a word, never. The Zelle app connects individuals allowing easy payments to be sent right from the user’s bank account. It’s the inherent trust in an app that is the basis for Zell-related fraud. Take the example of a user wanting to pay for an item via Paypal – a vendor that provides protection against scams where paid-for items are never delivered, etc. The fraudster says they want to be paid via Zelle, and the assumption is that, because it’s a payment app like Paypal, it has the same protections. It doesn’t.
That doesn’t make Zelle a bad choice; it just means the individual needs to be aware of – and responsible for – what will and won’t happen once they send money to an individual they truly don’t know personally.
Zelle does have protective measures in place such as sending limits and real-time alerts, but ultimately it’s up to the individual to protect their money.
In the same way, organizations place users on the frontlines of cyberattacks where emails received are equally assumed to be legitimate (via social engineering tactics). However, instead of the user becoming the victim for a small amount of money, it’s the organization that pays the price via paid ransoms, remediating a data breach, and more.
So, like with Zelle, users need to understand their responsibility in helping to ensure organizational security. Through Security Awareness Training, users can be taught about the importance of good security practices, the need for vigilance when using email, the web, and apps, and how their actions can impact the organization.