Zelle Bank Impersonation Scam

Thursday, September 7th, 2023



As peer-to-peer (P2P) digital payment platforms like Venmo and Paypal rapidly grew in popularity for their ability to provide easy, convenient money transfers, several major banks collaborated to create Zelle. The new transfer application promised to be “the next big thing” in banking, yielding near-instantaneous transfers directly between banks. Unfortunately, with new digital technology comes increased risk.

As peer-to-peer (P2P) digital payment platforms like Venmo and Paypal rapidly grew in popularity for their ability to provide easy, convenient money transfers, several major banks collaborated to create Zelle. The new transfer application promised to be “the next big thing” in banking, yielding near-instantaneous transfers directly between banks. Unfortunately, with new digital technology comes increased risk. Cybercriminals exploit the quick transfer features to prey on unsuspecting users by impersonating a bank employee who has flagged fraud on accounts. A current source of contention regarding Zelle scams and money loss is whether the liability falls on the bank or the individual, resulting in banks refusing to refund the money to defrauded customers.


Fraud Alert: Did you make this transaction?

One woman shares how a hacker tricked her into believing they were a helpful bank employee who flagged fraud on her account but actually manipulated her into sending them $5,500. Known as a “me-to-me” scam, bank impersonators target Zelle account holders claiming that to recover the money, they must send the money back to themselves.

THE SCHEME: Rachel Adler, a Bank of America (BoA) customer, was duped into believing that her Zelle account was under attack by fraudsters, but the person claiming to be a Bank of America employee was the real threat actor. Ms. Adler received an unsolicited text from Bank of America claiming that several fraudulent charges on her Zelle were flagged by the financial institution’s fraud department. The text inquired as to whether she had made a $432 purchase at a Walmart in Texas. Ms. Adler replied no, and then her phone rang. A person claiming to be from the Bank of America Fraud Department calmly explained to her that suspicious activity was flagged and someone had withdrawn money using her Zelle account.

Continuing the scheme, the bank impersonator asked if she had sent $2000 in one transaction, another one for $1500, and further inquired about other transactions that totaled $5,500. He then explained that to recover the money, she would have to send the money back to herself. What she didn’t realize was that she was sending the $5,500 directly to the imposter. Doubling down on the scheme, the fraudster then explained to Ms. Adler to expect a fraud alert text from Bank of America for the transaction and to disregard it as he would rectify the issue while they were on the call. Within minutes, Bank of America sent a real text to Ms. Adler, flagging the transaction as suspicious transfer activity with another text warning – “Beware. Do you want to continue?” Heeding the instructions from the BoA imposter, she ignored the texts and followed through with “sending herself” the $5,500. The call ended, and the money was gone.


Ms. Adler fell victim to a common bank impersonation scam. What the story fails to share is that often, threat actors link their own Zelle or bank account to the victim’s phone number. So, when the victim is instructed to send money back to their own account, in actuality, they are sending it to the thief’s account. The New York Times reported a similar incident with Wells Fargo, where the victim, Justin Faunce, did not have his phone number linked to his Zelle account. The threat actor used Faunce’s phone number and linked it to his own account at Wells Fargo. At the direction of the Wells Fargo impersonator who was calling about potential fraudulent charges like in the Adler case, Faunce then proceeded to “send himself” the money to recover funds which were then transferred directly into the thief’s Wells Fargo account. In that incident, the victim was instructed to read back the real Wells Fargo verification codes to allow the transfer. In another fraud attack, New York resident, Ken Page-Romer, had $19,500 stolen from his Citi Group account after receiving spoofed fraud alerts through text messages from the financial institution.

The Federal Trade Commission (FTC) reported on June 8, 2023, that “bank impersonation is the most reported text scam, which accounted for $330 million in reported consumer losses in 2022.” The report also explains that these text scams are designed to deceive, and a “random sample of 1,000 text messages reported to the FTC, discovered that fake bank security messages, often supposedly from large banks like Bank of America and Wells Fargo, were the most common type.” The FTC additionally revealed that over 40% of text scams reported were either bank impersonation fraud alerts, offers for gifts, deliveries, or a job, or Amazon imposters.

While many will read these stories and think – that wouldn’t happen to me, consider that the incoming text and calls look legitimate, with caller ID identifying the bank as the caller. Additionally, fraudsters often provide stolen personal information for verification, which provides a level of credibility to the victim, who is already vulnerable and distracted by the worry that they have lost money. All of these incidents share a common element – a “psychological con” of the victim to get them to initiate the transaction or divulge sensitive data.


Individuals should always be skeptical of any unsolicited text or call from their bank, even if the caller ID identifies the financial institution as the sender/caller – especially if it claims to need an immediate response or attention. If you do receive a text or call:

  • Do not click on any links or respond to the text.
  • Do not share any information with a caller who may ask to verify information.
  • Never share your password.
  • Never share a verification code that was sent to your phone or email.
  • Set up two-factor authentication with your financial institution.
  • Do not engage in conversation with a caller – even if the caller claims to be an employee of a financial institution.
  • Always call the customer service number on the back of your card – do not follow a link or call a number given on the call or text.

A good piece of advice is that all Zelle transactions should be treated like cash.

THE DEFENSESTORM DIFFERENCE: Proactive Fraud Detection  

According to the Federal Rule, Regulation E, banks are only responsible for covering fraudulent activity if it is considered an “unauthorized” transaction. To clarify, if someone physically steals your bank card or card number and racks up charges, the bank is under regulation to refund the money. However, these particular incidents where victims approve the withdrawals or initiate a transfer are not considered “unauthorized” and, therefore, technically not the responsibility of the bank. PNC Bank revealed that “its customers reported 10,683 cases of unauthorized payments totaling over $10.6 million. It refunded only 1,495 cases, totaling $1.46 million.”

The best solution? Stop fraud BEFORE money ever leaves the account.

With a unique and proactive approach to fraud, DefenseStorm Fraud Detection tackles the challenge of detecting and preventing fraud by correlating both non-monetary and monetary activities, resulting in more effective response, resource preservation, and protection of brand reputation.

FIs can monitor, detect, and alert on suspicious activity across all departments, including Originations, Online and Mobile banking, and Internal Fraud. Because DefenseStorm Fraud Detection monitors when account information is changed, such as phone number or email address, followed by transfer activity, real-time alerting would have been used to block suspicious activity in these bank impersonation scams.  In addition, the change in volume of transactions or the amount of money involved in these cases would have been noted since account activity that is out of the norm for the user is flagged and investigated.

By leveraging DefenseStorm Fraud Detection, FIs can effectively mitigate risks associated with fraud, ensuring business continuity, and safeguarding their customer’s data and assets. The combination of proactive fraud detection and expert monitoring stops cyber fraud before potential threats become costly attacks.


IYKYK: The top text scams of 2022 – Federal Trade Commission (FTC)


New FTC Data Analysis Shows Bank Impersonation is Most-Reported Text Message Scam


Zelle fraud is rising. And banks aren’t coming to the rescue


Fraud Is Flourishing on Zelle. The Banks Say It’s Not Their Problem.


Bank of America imposters renew Zelle scam, telling victims ‘ignore fraud warnings’




Adam Barrett

Sr. Product Manager, Fraud Detection

Adam is the DefenseStorm Fraud Geek with an extreme passion for protecting financial institutions and the people who trust them to provide a safe banking experience. He is currently the Senior Product Manager for DefenseStorm GRID Active Fraud Detection product. With 25 years of experience in banking operations, fraud and risk, you would think he’s seen it all, however, the constantly evolving schemes keep him motivated to stay in the fight.