BACKGROUND:
In ‘Zelle Fraud’ Scam: How it Works, How to Fight Back, Brian Krebs does a “deep dive” into just how the scam works. He interviews Ken Otsuka, of CUNA Mutual Group to discuss the process and weaknesses inherent in the current system that allow this scam to occur.
<p>This common example of social engineering implemented by savvy actors is a time-tested tactic. What I find interesting is when this approach is aimed at operational teams in traditionally “air gapped” critical infrastructure environments, signaling the importance of policies and training alongside technical solutions.</p>
<p>Despite widespread publicity of the scams involving the Zelle money transfer service, hackers continue to use social engineering to break into accounts. While the results aren’t in the range of the millions of dollars that ransomware attackers are demanding, individual losses can easily be in the thousands.</p>
<p>Hackers are calling Zelle users, posing as representatives of Zelle or the underlying bank, and tricking them out of providing the user name of their account. With the user name, they change the password in real time, giving them the data necessary to hack the account.</p>
<p>Social engineering represents one of the most common ways of obtaining personal information. The answer is to never, ever give out such information. While that’s easy to say, it’s hard to put into practice if someone is talking to you on the phone. But Zelle users need to resist the impulse to do so.</p>