New Scam Impersonates Zelle

Popular brands are prime targets for spoofing, and Zelle^® is no exception. Cybercriminals are targeting users of the popular payment app with convincing phishing emails with realistic images and formatting. Given that consumers and businessess sent over 2.3 billion payments using Zelle^® in 2022, hackers have a rich field of potential victims.  

One new Zelle^® phishing email leans on social engineering and brand impersonation. The highly realistic-looking phishing email lures the recipient with the promise of money paid to them.   

Clicking the link takes the user to a lookalike site and login page that will capture their Zelle^® credentials. The scammer can then log in and steal funds.  

The Phish  

In this snapshot of the email, the biggest red flag is the sending domain of contact@exgloimportexport.com. Additionally, if users were to hover over the “click here” hyperlink and “Get Paid” button, they would see a shortened link, which makes it difficult to know where it will actually take them.  

In an effort to try and legitimize this email, the links in the “Secure Message Center” and “Security Center” at the bottom of the email take you to the real Zelle^® page.  

Help Protect Your Payments  

The convenience and efficiency of payment apps like Zelle^® make it easy to send money. The speed at which Zelle^® opperates also means you can’t cancel a payment once it has been sent, so it’s extra important to protect your login credentials.  

Remember these tips: 

• Don’t click on any links or attachments in payment emails. If you think there’s a payment waiting for you, log in directly to the application. 
• Never share your password or one-time passcode with anyone.  
• If you don’t know the person or aren’t sure you will get what you paid for, don’t use Zelle^®. Neither Zelle^® nor CB&T offer a protection program for any authorized payments made with Zelle^®.  
• If you receive a suspicious email in your personal account, delete it. 

Banks are on the front lines when it comes to thwarting scammers, so if you have any questions about phishing attempts or financial scams, contact your local CB&T branch.