The consumer payments space has undergone a radical shift in recent years. A new breed of apps, including Venmo, Cash App and Zelle, now offer a fast, effective and free way for users to pay friends, family and selected small businesses. Launched in 2017 by a US banking consortium, Zelle is one of the most successful of these peer-to-peer (P2P) services, becoming by far the largest provider of its kind in the US by total payments sent: $490 billion in 2021.

Some 10,000 financial institutions now participate in its network, meaning Zelle can be accessed from countless banking apps, as well as downloaded as a standalone service. But although it’s generally considered to be a secure way to transfer funds, it has been criticized for offering little consumer protection from scams.

Indeed, just days ago, Zelle came under fire in a US Senate report, which stated that Zelle users lost some $440 million through fraudulent transactions in 2021. According to the report, banks are doing little to combat fraud and scams on Zelle and are generally reluctant to refund people who have fallen victim to con artists.

Couple these figures with the fact that incidents of fraud on Zelle are trending upwards and it's clear that you should be on the lookout for tricksters who take advantage of others' trust for their own gain and leave victims high and dry.

Zelle scams to watch for

There’s a lengthy list of tactics that fraudsters use to trick victims into sending them money. Here are the main ones to watch out for:

1. Impersonation scam

A scammer impersonates a family member or close friend, urgently requesting some funds to help them with an emergency. Or they may pretend to be a representative from a government agency, bank, utility or similar, demanding funds to cover a late payment or fine. Either way, once the money is sent, they disappear.

2. Overpayment

Facebook Marketplace is a magnet for Zelle scams. In one classic ploy, also used to extract money via Cash App and other services, a buyer sends a fake check to a seller for an amount exceeding the sale price of an item. They’ll then ask the seller to refund the overpayment via Zelle. If the latter does, they’ll lose that money before realizing the check itself is not legitimate.

3. Business upgrade

In another Facebook Marketplace scam, a buyer expresses interest in a product and asserts they will pay by Zelle. They then send the victim a fake email claiming a payment is pending, but that the buyer is using a business account which they have had to pay extra for. It requests the seller pay that fee back to the buyer in order for the initial payment to go through. However, the whole thing is a lie, and the seller ends up down whatever they paid the buyer in ‘fees.’

4. E-commerce scams

Online buyers beware: scammers are all over e-commerce and various social media sites, offering to sell in-demand items priced extremely low but for a limited period only. This pressure often causes the buyer to abandon their usual caution online. They pay by Zelle and the item never arrives.

To help highlight the risks of purchasing red-hot products on social media, ESET Chief Security Evangelist Tony Anscombe recently engaged in a conversation with a verified (though apparently hacked) Twitter account that claimed to sell PlayStation 5 consoles and requested payment via Zelle.

Conversation with a scammer (click to enlarge)

5. Romance scam

Romance scammers are past masters at social engineering: the art of the con. They’ll build up a strong rapport with their victim online, befriending them initially on dating sites. Once their mark has been sucked in, they’ll start to request money: for medical bills, air tickets and more. If sent by Zelle, there’s near-zero chance the victim will ever see that money again.

6. Fake invoice

The victim receives a legitimate-looking message or email from a company they do business with, requesting they click a link to review an invoice. Doing so will take them to a phishing page spoofed to appear like that business’s website, where they’ll be asked to enter personal details. Once in the scammer’s hands, these details will enable a takeover of the victim’s Zelle account.

7. Lottery scam

This works similar to the fake invoice scam, except the victim receives a communication telling them they’ve won some kind of prize and need only click a link to receive the winnings. Doing so will take them to a fake site encouraging them to enter their personal details again.

There are numerous variations of these two scams, all resulting in account takeover.

8. Malware

Phishing emails and texts can also lead to covert malware downloads, if the user is tricked into clicking on a malicious link. This effectively cuts out the stage where they enter their personal details. Instead, the malware might either steal logins or automatically hijack the Zelle account and transfer funds out.

9. Fake fraud department

A user receives a test from their ‘bank’ asking if they are attempting to transfer funds. If they reply, a scammer will call them, pretending to work for the bank. They will then run the victim through a list of instructions which they say will help to reverse the fraudulent transaction. In fact, it initiates a money transfer to the criminals.

10. Victim/refund scam

When an individual falls victim to a Zelle or other online scam, their details are often saved on file for follow-on fraud. Here, a scammer might call up pretending to work for an agency which can get their lost funds back. All the victim has to do is pay an upfront fee. Sadly, they will never get this money back either.

RELATED READING: Mobile payment apps: How to stay safe when paying with your phone

Can Zelle scam victims get their money back?

Zelle doesn’t require users to share any financial information in order to send funds, and individuals are usually authenticated via their bank, adding an important layer of security. However, much like Cash App and similar services, it doesn’t offer the same protections as credit and debit cards.

Zelle itself distinguishes between “fraud” – when an unauthorized third-party accesses a user’s account and transfers money out without the user’s knowledge – and “scams” where the user is tricked into sending the money themselves. In the case of the latter, there’s little chance they will get the defrauded funds back.

Indeed, according to the aforementioned report, banks don’t repay 90% of cases in which people were duped into making payments on the platform.

How to stay safe on Zelle

The tips for staying scam-free on Zelle are not dissimilar to those for avoiding fraud on Cash App and other P2P payment services. It involves being cautious of any unsolicited communication, improving account authentication and only sending money to people you trust. Consider the following:

  • Be skeptical: Never send money to anyone you don’t trust, and remember that if an offer seems too good to be true, it usually is.
  • Double check with the supposed sender: If you receive such a communication, contact the purported sender immediately to double check whether it’s legitimate or not. Never use contact details in the original message.
  • Be cautious of phishing emails, texts and phone calls: They make look legitimate, but will often try to rush your decision making so that you do something you’ll regret. Don’t ever provide your banking or other credentials to anyone.
  • Enhance authentication: If it’s not already enabled, add two-factor authentication to your banking or Zelle app, which will mean that even if scammers get hold of passwords and usernames, they won’t be able to hijack the account.
  • Improve mobile security: By downloading anti-malware software from a reputable vendor to your device. This will go a long way towards staying safe from phishing attacks and covert malware downloads.

The bottom line is, “if you don’t know a person or aren’t sure you’ll get what you paid for, using your credit card may be a better payment option” – that's according to Zelle itself. If there’s even a sliver of doubt in your mind, make sure online payments are made via methods which offer greater cardholder protection.

ESET Mobile Security main benefits