Exposed: The Bank of America Zelle Scam Stealing Money
Written by: Thomas Orsolya
Published on:
Recently, Bank of America customers have been targeted by a phishing scam involving Zelle, the bank’s money transfer service. This scam starts with a text message falsely claiming a suspicious Zelle transfer was attempted. If the recipient responds, scammers call spoofing the bank’s number to try and steal personal information.
This detailed guide will explain how the scam works, what to do if you are targeted, and how to stay safe from Zelle scams.
This article contains:
Overview of the Bank of America Zelle Scam
This scam begins when Bank of America customers receive a phishing text message falsely stating a suspicious Zelle transfer was attempted from their account. The message prompts recipients to reply “Yes” or “No”, appearing to come from the official Zelle service. If recipients respond, scammers call them shortly after spoofing the bank’s phone number.
Posing as Bank of America fraud prevention representatives, scammers request remote access to victims’ accounts to reverse the “unauthorized” transfer. Once access is granted, scammers can steal personal information and money. This scam exploits customers’ trust in Bank of America’s systems and concern about fraud to lower defenses. Losses from this scam can be devastating so it’s crucial to understand how it works and avoid being deceived.
The Anatomy of the Scam
Here are the key stages of how the Bank of America Zelle scam operates:
Phishing Text Message – Victims receive a text claiming an unauthorized Zelle transfer occurred, requesting confirmation if they attempted it or not. The message spoofs Zelle and Bank of America to appear real.
Spoofed Call from “Bank of America” – If recipients reply to the text, scammers call shortly after from a spoofed number showing as Bank of America on caller ID.
Fake Fraud Prevention – On the call, scammers posing as fraud prevention claim they need remote access to reverse the “fraudulent” transfer detected.
Tricking Victims – Victims are persuaded to download remote access software and grant scammers control of their computer and account access.
Account Draining – With access granted, scammers steal personal information and drain victim’s accounts of funds.
Vanishing Act – Once the theft is complete, scammers quickly disappear and victims are left with emptied accounts and no recourse.
This highly deceptive process allows scammers to completely drain victims’ accounts after gaining their trust and access. The text and call spoofing makes the scam appear credible and urgent, lowering defenses. But understanding each step can help identify red flags and avoid being deceived.
How the Bank of America Zelle Scam Works Step-By-Step
Now let’s explore exactly how the Bank of America Zelle scam unfolds and tricks customers into giving up crucial account access. Being aware of each step can help identify red flags before falling victim. Here is the detailed playbook:
1. Phishing Text Message Sent
The scam starts with victims receiving the following phishing text message:
“BofA: Did You Attempt Zelle Transfer for $3,402 Yes Or No?”
This message is designed to appear like an official fraud alert from Bank of America and Zelle. The amount of the “transfer” makes it seem credible and urgent. In reality, it is sent by scammers to prime victims for the next phase.
2. Recipients Reply to Text Prompt
If recipients respond “Yes” or “No” to the text, the scammers know the number is active. They now know to target the victim with a follow up phone call to execute the real scam. Had recipients ignored the text, scammers likely would have moved on.
3. Spoofed Call Made Shortly After Text Response
Within minutes of replying to the text, victims receive a phone call that spoofs the Bank of America customer service number. This tricks caller ID to display what appears to be an official call from the bank. In reality, it is the scammers calling from an internet phone system.
4. Fake Bank Fraud Prevention Agent Greets Callers
On the call, scammers greet victims posing as Bank of America fraud prevention agents, thanks them for responding to the text alert, and states suspicious activity was detected on their account. This ruse begins building trust and an air of urgency.
5. Scammers Say Unauthorized Transfer Occurred
Scammers now falsely claim the text they sent was due to detecting an unauthorized Zelle transfer of several thousand dollars from the victim’s account. This mirrors details from the phishing text, making the call seem credible.
6. Offer to Reverse the Transfer and Secure Account
After explaining about the “unauthorized” Zelle transfer, scammers offer to reverse the transaction and secure the victim’s account if granted remote access. This builds further trust while also progressing the scam.
7. Remote Access Requested to “Reverse Transfer”
Claiming they cannot reverse the fraudulent transfer without direct account access, scammers direct victims to a website and instruct them to download a remote access program like TeamViewer.
8. Victims Are Persuaded to Install Software and Grant Access
Through urgency and building trust, scammers persuade victims to install the remote software and grant access to their computer. All major banks warn never to allow remote access to prevent fraud.
9. Scammers Take Over Computer and Account Access
With remote access granted, scammers quickly take over the victim’s computer. From there they gain access to online accounts, downloading personal info and initiating transfers.
10. Money is Stolen and Personal Data Downloaded
Once inside accounts, scammers drain funds from checking and savings accounts via Zelle or other transfers. They also often download personal documents, account info, and contacts for identity theft.
11. Scammers Disconnect and Disappear with the Money
After draining all available funds and information, scammers quickly disconnect and disappear from the remote session. With accounts emptied, they move on to repeat the scam on other victims.
12. Victims Left with Emptied Accounts and No Recourse
Disconnected from their online banking, victims eventually realize accounts have been drained and identity stolen. But with scammers now gone, they have no way to reclaim stolen money or personal data now in criminal hands.
This highly detailed 12-step process reveals why this scam is so deceptive and effective. Understanding each stage makes it easier to identify red flags if targeted and avoid being manipulated into draining accounts and compromising personal data.
What to Do If You Fall Victim to the Bank of America Zelle Scam
If you realize you have fallen victim to the Bank of America Zelle scam, here are the key steps to take immediately for damage control:
1. Contact Bank of America to Freeze Accounts
Call Bank of America directly and explain you were scammed into giving remote access for fraud. Request they freeze accounts immediately to prevent further unauthorized transactions.
2. Change Online Banking Passwords
Assume scammers accessed all your financial accounts, not just Bank of America. Rapidly change passwords for online banking, retirement accounts, credit cards, or any other online finance logins. Enable two-factor authentication wherever possible.
3. Place Fraud Alert on Credit Reports
Contact Equifax, Experian and TransUnion to place a fraud alert on your credit reports. This will make it harder for scammers to open new credit in your name after stealing personal info. Renew the 90-day alerts if identity theft is confirmed.
4. Monitor Accounts Closely for Any Further Suspicious Activity
Carefully monitor all financial accounts and credit reports over the next few months for any additional unauthorized activity. Scammers may have collected info to continue stealing funds or using your identity. Ongoing vigilance is key.
5. File a Complaint with the FTC and FBI
Report the scam to the Federal Trade Commission and FBI’s Internet Crime Complaint Center. Provide all details of how the scam occurred and losses. This helps authorities track and prosecute scammers exploiting Bank of America customers.
6. Contact Local Authorities to File Police Report
File a police report about the fraud with your local law enforcement. This creates an official record that can help with recovering losses, credit issues, or identity theft problems. Give police as many specific details as possible.
If you act quickly after realizing you’ve been scammed, further losses may be limited. But reversing any unauthorized transfers will be difficult so preventing access originally is critical.
How to Keep Safe from Bank of America Zelle Scams
While scammers exploiting Zelle are sophisticated, there are key precautions Bank of America customers can take to detect and avoid being victimized by this scam:
Know Bank of America’s Policies
Bank of America states they will never call or text requesting sensitive information like account numbers, passwords, or access codes. Nor will they request remote access to your devices. Knowing legitimate policies helps spot scams.
Call Bank Directly If Unsure About Messages
Don’t reply to or call numbers provided in suspicious texts or emails claiming to be your bank. Locate official contact info and call Bank of America directly to ask if requests are valid.
Don’t Trust Caller ID
Scammers spoof legitimate phone numbers easily thanks to internet calling technologies. Verify identities of callers claiming to be Bank representatives before providing any sensitive account details.
Guard Account Credentials
Never share online banking usernames, passwords, PINs, or other account access details with anybody calling about “fraudulent” activity. Real bank reps will never request that info.
Decline Requests for Remote Access
No matter how credible a call seems, never grant remote access to your devices or accounts. Say no and hang up. Confirm directly with Bank of America if suspicious activity occurred.
Use Security Best Practices
Enable two-factor authentication and avoid using public WiFi for banking to better secure accounts. Monitor accounts regularly for any unauthorized transactions.
Understanding the Zelle scam playbook and smart security practices can help Bank of America customers detect red flags and avoid being manipulated. Stay vigilant for phishing texts or calls attempting to trick you into compromising your accounts and data.
Is Your Device Infected? Check for Malware
If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes for Windows
You can download Malwarebytes by clicking the link below.
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Frequently Asked Questions about the Bank of America Zelle Scam
What is the Bank of America Zelle scam?
This is a phishing scam where Bank of America customers receive a text message falsely claiming an unauthorized Zelle transfer occurred, followed by a spoofing call from scammers pretending to be BofA fraud prevention representatives requesting remote access to reverse the “fraudulent” activity. This allows scammers to steal money and personal information.
How does the scam start?
It begins with a phishing text message asking “Did you attempt a Zelle transfer for $X?” to prime victims for the follow up spoofed call from “BofA fraud prevention”.
What happens during the scam call?
Scammers posing as bank reps claim they detected unauthorized activity and need remote access to reverse the fraudulent transfers. They guide victims through installing remote access software like TeamViewer and gaining account control.
How do scammers steal money and information?
Once granted remote access, scammers quickly initiate Zelle transfers to drain accounts. They also often download personal documents and account info enabling identity theft.
How can I avoid becoming a victim?
Hang up on any call asking for account access or credentials. Contact Bank of America directly to verify suspicious texts or calls. Never grant remote access to your devices or accounts. Enable two-factor authentication as added security.
What if I already fell victim to this scam?
Immediately contact Bank of America to freeze accounts and change online banking passwords. Place fraud alerts with credit bureaus, monitor your credit reports, and file complaints with the FTC, FBI, and local police.
How can Bank of America customers stay safe from scams?
Know BofA’s policies to detect spoofing. Call Bank of America directly if texts or calls seem suspicious. Don’t share sensitive account info with unverified callers. Decline remote access requests no matter how credible they seem.
How can I recover stolen funds?
Unfortunately reversing unauthorized transfers is very difficult. Contact your bank but chances of recovering funds are low. Take preventative steps like freezing accounts ASAP to limit losses. File a police report to document the fraud.
In Conclusion
This Bank of America Zelle scam exploits trusted bank platforms and brands to deceive customers into draining accounts and surrendering personal information. By mirroring official fraud prevention processes, scammers persuade victims into installing remote access software and granting account control. Within minutes, accounts can be drained and identities compromised.
If you receive a suspicious text or call claiming to be Bank of America fraud prevention, don’t reply. Contact Bank of America directly to confirm if any activity occurred. Follow security best practices and never grant remote access or account credentials to callers. Understanding this scam’s tactics provides the knowledge needed to detect risks and protect hard earned money. Just staying vigilant and verifying questionable requests can help avoid becoming the next victim.
How to Stay Safe Online
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.
It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.
Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.
Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.
Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.
Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.
Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.
Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.
Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.
Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
Meet Thomas Orsolya
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
