Zelle, the widely used and highly acclaimed money-transfer service, is now a prime target for cybercriminals. The simplicity of sending funds to friends or businesses through Zelle has made it appealing for hackers looking to cash in. Cybersecurity researchers at Avanan, a Check Point Software Company, have detected that hackers successfully impersonate Zelle to swipe money from unsuspecting users. In this report, we'll dive into the tactics employed by these hackers and how they deceive their victims.

  • Attack: Hackers create spoofed Zelle emails to steal money from end-users
  • Vector: Email
  • Type: Monetary Loss
  • Techniques: Social Engineering, Brand Impersonation
  • Target: Any end-user

The spoofed emails are meticulously designed, featuring the Zelle logo, grammatically correct text, and even a legitimate link to Zelle at the bottom of the message to lend an air of authenticity. However, the email contains a malicious "Tiny URL" or URL shortener, which directs victims to a page where they unwittingly send money to the hackers. Additionally, while claiming to be from "Zelle," the sender's email address has no connection to the company.


The mobile app company Zelle simplifies transferring funds to friends and businesses, making it an attractive target for cybercriminals. These hackers have become proficient in imitating Zelle to deceive end users and redirect their money transfers to their accounts. This analysis explores hackers' attack components and tactics to impersonate Zelle and defraud victims.

The Scam

One example shows a seemingly authentic email claiming to be from Zelle. The email features the Zelle logo, grammatically correct text, and a message telling the recipient they've received money from the platform. However, two red flags are a "Tiny URL" link leading to a hacker-controlled page and an email address unrelated to Zelle. To add a layer of credibility, the attackers include a legitimate Zelle link at the bottom of the message, but that's not the one they want their victims to click.

This email does an excellent job of spoofing Zelle. The Zelle logo is on point; the text is grammatically correct and makes sense. The email tells the end-user that they have received money from Zelle. Click on the button and get paid! Notice two things that are off–the URL, which is a "Tiny URL" or URL shortener, which does not go to Zelle but to a page that hackers will use to send money to the hackers. Second is the email address. While it says it's from "Zelle," the email address has nothing to do with Zelle. What's clever, though, is that at the bottom of the message is a legitimate link to Zelle. That adds a veneer of trust and legitimacy to this email. However, that's not the link the hackers want you to click. 

The Deception

As with many other popular sites, cybercriminals aim to impersonate Zelle to access users' funds. These hackers have done an impressive job replicating Zelle's appearance and language, even incorporating valid links. However, a single fraudulent link could land users in hot water. The attackers rely on users' haste and desire for quick cash, hoping they'll overlook critical details such as sender addresses and URL verification.

The Attack

In this attack, hackers send out well-crafted spoofed Zelle emails to trick users into sending money directly to them using social engineering and brand impersonation techniques. Cybercriminals convincingly mimic Zelle's email communications, luring users to click on a malicious link. The attack vector is primarily email, intending to cause monetary loss. The techniques employed include social engineering and brand impersonation, and the target audience is any Zelle end user. 

An example email displays an impressive imitation of Zelle, featuring the Zelle logo, coherent text, and a message informing the recipient that they have received funds via Zelle. Two concerning elements include a "Tiny URL" link leading to a hacker-controlled page and an email address unrelated to Zelle. Interestingly, a legitimate Zelle link is placed at the bottom of the message to establish trust and authenticity.

The Methods

Zelle has become a top-rated money-transfer service, making it easy for users to instantly send money to friends or businesses. Unfortunately, its popularity has also attracted the attention of hackers who are now spoofing Zelle to steal money from unsuspecting end-users. Researchers at Avanan, a Check Point Software Company, have prepared an analysis discussing the tactics used by these hackers to deceive their victims.

Zelle's popularity makes it a target for cybercriminals seeking to impersonate the platform and profit from unsuspecting users. The hackers have successfully replicated Zelle's appearance and language, even incorporating authentic links. In their rush to complete transactions, the attackers anticipate that users will neglect security checks and act impulsively, resulting in financial loss.

Defending Against the Threat 

Avanan researchers have provided guidance and recommendations to help protect against these attacks. To guard against these attacks, security professionals can do the following:

  1. Always verify the sender's address when interacting with an email
  2. Hover over all URLs before clicking on them
  3. Implement multi-factor authentication for sensitive accounts
  4. Educate end users on how to spot and report phishing attempts
  5. Ensure anti-phishing software and security solutions are up-to-date


The rise in popularity of Zelle as a money-transfer service has made it a prime target for cybercriminals. Hackers have become proficient in spoofing Zelle to deceive end users and steal their money. Hackers use social engineering and brand impersonation to create convincing email communications that lure users into clicking on malicious links.

To defend against such threats, security professionals must educate users on identifying phishing attempts, implement robust security measures, and update their security solutions. By taking these precautions, organizations and individuals can better protect themselves from cyber attack risks and maintain the convenience and security of using services like Zelle.