author photo
By Bob Sullivan
Sat | Jun 29, 2019 | 7:23 AM PDT

I’ve written a lot about Zelle fraud in recent months, as banks keep erroneously rejecting victims' requests for "refunds" after their money is stolen. NBC recently reported on the story and asked me to help. Their piece does a good job of illustrating the scope of the crime—based on the email I’m getting, it’s far too common—but NBC’s Michell Tak found another twist in the crime that’s important for you to hear.

Criminals are getting very clever about evading two-factor authentication schemes. Tak interviewed Chrysanthi Rausch, of Columbus, Ohio, who was duped into coughing up a 6-digit text message sent by her bank that was supposed to keep her money secure.

"She was taking a nap on her couch two months ago when she got a call from a number she didn’t recognize," the NBC story reads. On the other end of the line was a woman who said she worked for KeyBank, Rausch’s local bank, calling to alert her of fraud in her account.

"They wanted me to verify my identity through a text code. So they sent me a text, and then I read the six numbers back," said Rausch, according to NBC.

"That was all it took, she said, for the fraudsters to create a Zelle account in her name and gain access to both her checking and savings accounts—all within hours of their phone call."

So there’s something else you have to worry about: two-factor text message authentication interception. Consumers should never give out text message codes in response to a surprise phone call. If a bank says it’s calling about fraud, hang up and call the bank back on its 1-800 number. It’s a pain, but that’s the best way to make sure a criminal isn’t posing as your financial institution.

You can see the video by clicking here.

If you don’t feel like watching, here is what I told NBC:

"The fraud we’re talking about today is a totally different kind of fraud," said Bob Sullivan, an author who tracks online bank scams, "where someone’s access has been stolen just like if someone stole your username or password to your online bank."

"It’s a simple proposition: the quicker the transaction is, the quicker a criminal can steal," Sullivan added. "This is almost engineered for crime."

All banking-related websites and apps are vulnerable to scammers. But experts say Zelle is a particularly appealing target because, unlike other peer-to-peer payment apps like Venmo, it’s embedded within banking apps and automatically connected to user accounts.

"When it launched, there were ads screaming on TV over and over saying, 'You can trust Zelle. It’s backed by the banks. It’s safe.' I mean they really traded on the safety of being associated with large banks," Sullivan said.

This article appeared originally here on BobSullivan.net.

Comments