One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target’s bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.

Last week’s story warned that scammers are blasting out text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text. Here’s what one of those scam messages looks like:

Anyone who responds “yes,” “no” or at all will very soon after receive a phone call from a scammer pretending to be from the financial institution’s fraud department. The caller’s number will be spoofed so that it appears to be coming from the victim’s bank.

To “verify the identity” of the customer, the fraudster asks for their online banking username, and then tells the customer to read back a passcode sent via text or email. In reality, the fraudster initiates a transaction - such as the “forgot password” feature on the financial institution’s site - which is what generates the authentication passcode delivered to the member.

Ken Otsuka is a senior risk consultant at CUNA Mutual Group, an insurance company that provides financial services to credit unions. Otsuka said a phone fraudster typically will say something like, “Before I get into the details, I need to verify that I’m speaking to the right person.”

“In the background, they’re using the username with the forgot password feature, and that’s going to generate one of these two-factor authentication passcodes,” Otsuka said. “Then the fraudster will say, ‘I’m going to send you the password and you’re going to read it back to me over the phone.’”

The fraudster then uses the code to complete the password reset process, and then changes the victim’s online banking password. The fraudster then uses Zelle to transfer the victim’s funds to others.

An important aspect of this scam is that the fraudsters never even need to know or phish the victim’s password. By sharing their username and reading back the one-time code sent to them via email, the victim is allowing the fraudster to reset their online banking password.

Otsuka said in far too many account takeover cases, the victim has never even heard of Zelle, nor did they realize they could move money that way.

“The thing is, many credit unions offer it by default as part of online banking,” Otsuka said. “Members don’t have to request to use Zelle.”
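
As an added example (not part of the original article), the following Python code shows how a financial institution's fraud team might flag the sequence described here: a completed password reset followed shortly by a Zelle transfer, with first-time Zelle use recorded as an extra signal. The event names, the 24-hour window and the sample log entries are assumptions constructed for illustration, not any vendor's log schema.

```python
from datetime import datetime, timedelta

# Assumed window: how soon after a reset a Zelle transfer counts as suspicious.
WINDOW = timedelta(hours=24)

# Constructed sample events (timestamp, account, event type); not real data.
# The event type names are hypothetical.
SAMPLE_EVENTS = [
    ("2021-11-19T14:02:10", "member-1001", "forgot_password_requested"),
    ("2021-11-19T14:04:55", "member-1001", "password_reset_completed"),
    ("2021-11-19T14:09:30", "member-1001", "zelle_transfer"),
    ("2021-11-18T09:00:00", "member-2002", "zelle_transfer"),
    ("2021-11-19T10:00:00", "member-2002", "password_reset_completed"),
    ("2021-11-19T10:30:00", "member-2002", "zelle_transfer"),
    ("2021-11-10T08:00:00", "member-3003", "password_reset_completed"),
    ("2021-11-19T16:00:00", "member-3003", "zelle_transfer"),
]


def flag_takeover_pattern(events, window=WINDOW):
    """Return alerts for Zelle transfers made within `window` of a password reset.

    Each alert also records whether this is the first Zelle transfer seen for
    the account, a signal suggested by the article's remark that many victims
    had never heard of Zelle.
    """
    last_reset = {}     # account -> time of the most recent completed reset
    used_zelle = set()  # accounts with an earlier Zelle transfer in the data
    alerts = []
    for ts, account, kind in sorted(events):  # ISO 8601 strings sort by time
        when = datetime.fromisoformat(ts)
        if kind == "password_reset_completed":
            last_reset[account] = when
        elif kind == "zelle_transfer":
            reset_at = last_reset.get(account)
            if reset_at is not None and when - reset_at <= window:
                alerts.append({
                    "account": account,
                    "minutes_after_reset": int((when - reset_at).total_seconds() // 60),
                    "first_zelle_use": account not in used_zelle,
                })
            used_zelle.add(account)
    return alerts


if __name__ == "__main__":
    for alert in flag_takeover_pattern(SAMPLE_EVENTS):
        print(alert)
```

An alert with `first_zelle_use` set and only a few minutes between reset and transfer matches the scam most closely and is a reasonable candidate for holding the payment until the member is reached through a known contact channel.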