The best way to avoid scams is to know what to look for.
The “Pay Yourself Scam” begins with a text message from a scammer that looks like a fraud alert from your bank. If you respond to the text message and engage the scammer, you’ll receive a call from a number that appears to be your bank. The scammer pretends to be a representative from your bank or credit union and offers to stop the alleged fraud. In reality, the scammer is actually tricking you into sending money to their own bank account.
Here’s how they scam you:
When you enroll with Zelle®, your bank sends you a security code to verify your identity. The scammer lies that they need this passcode to authorize your payment to yourself. If the scammer is given the one-time passcode, they’ll be able to enroll THEIR bank account with Zelle® using your email or phone number. Now the money you thought you were sending to yourself is sent directly to their bank account.
Remember, your bank will never ask you to send money to yourself.
If you detect suspicious activity, hang up and contact your financial institution directly at the number listed on the back of your bank-issued debit card, in your banking app, or the bank’s official website.
How can you tell this is a phishing email?
The only domain extension used by Zelle® is @Zellepay.com. Zelle® does not use <@gmail.com> or any other domain such as <@aol.com>, <@yahoo.com>, or any other common email domain.
How do I know an email is legitimately from Zelle®?
Look at the domain at the end of the email string. If it’s from Zelle® or your bank, the domain will be @Zellepay.com or @YourBank.com. Be sure to look for misspellings.
What should I do if I receive an email like this pretending to be from Zelle®?
- Do not click any links in the email and report the scam to Zelle®
- Contact your bank or credit union directly to report the scam
- Report the scammer directly to the FBI Internet Crime Complaint Center
- Don’t reply to any texts or calls even if it seems to be from Zelle® or your bank. If it’s a call, hang up and call your bank directly
The Federal Trade Commission (FTC), recommends these additional reporting steps:
- Report the phishing attack to the FTC at ReportFraud.ftc.gov
- If you got a phishing email, forward it to the Anti-Phishing Working Group at email@example.com
- If you got a phishing text message, forward it to SPAM (7726)
Check out these resources to learn more about how to recognize, avoid and report phishing scams: