Over the past year, BlueVoyant’s cyber threat analysts have identified a significant rise in third-party phishing tactics, most recently with a recent campaign impersonating the Zelle digital payment service. By mimicking a reputable brand like Zelle, threat actors can better evade detection while collecting credentials and personally identifiable information (PII) from online users of hundreds of financial institutions in the United States. 

First observed in 2023, this phishing campaign uses social engineering tactics to lure victims with notifications of pending Zelle transfers, prompting them to select their financial institutions to receive the funds. This adaptive method increases the campaign’s credibility and victim cooperation, making it a formidable threat to U.S. banking customers. 

Download the report to: 

• Discover how third-party phishing campaigns exploit social engineering to target users of multiple financial institutions 
• Understand the sophisticated attack flow and data collection methods used in these phishing campaigns
• Gain actionable insights and mitigation strategies to protect your organization and its customers from third-party phishing threats