This attack attempts to extort the recipient by claiming there are outstanding issues with their Zelle profile. As the popularity of money-transferring services has grown, the attacker is counting on engagement by posing as Zelle, which is a trusted company in the industry. 

By using persuasive and conversational language, the email urges the recipient to engage so their Zelle account functions properly. Additionally, the attacker offers extra money in the form of a “compensation fee” to further entice potential engagement. The email content utilizes common structures of legitimate correspondence from customer service desks, employing a question-and-answer format in an attempt to seem authentic. 

Traditional email security tools have trouble identifying this attack because it contains conversational content and lacks obviously malicious indicators. In contrast, AI-powered security solutions analyze known and unknown domains, sender reputation, and user behavior within organizations to accurately flag these emails as attacks.

Status Bar Dots
Zelle 1

This email attack bypasses traditional security solutions for multiple reasons, including the following:

  • Convincing message content: Persuasive content in messages is often used to trick the recipient into taking the desired action by preying on human vulnerabilities.
  • Use of legitimate-sounding sender names: Attackers use familiar names or well-known brands to gain trust and bypass security checks.
  • Lack of malicious payloads or attachments: Legacy security systems focus on detecting malicious payloads or attachments, while attacks containing only text are more difficult to detect.

This attack was detected using AI and ML by analyzing various factors, including the following:

  • Domain and sender reputation analysis: Evaluating the legitimacy of the sender's domain and email address helps identify unknown or suspicious sources. This domain does not match what would be expected from legitimate Zelle communications.
  • Email content analysis: Examining the email text, subject, and other elements aids in identifying potential phishing or malicious intent.
  • Entity relationship analysis: Studying the historical communication patterns and relationships between the email sender and recipient allows for identifying deviations from the norm. In this case, the recipient had never received an email from this address before.

By comprehending established normal behavior and identifying these abnormal indicators, a modern email security solution can thwart this attack from reaching inboxes. 

Please note the exact detection mechanism from Abnormal Security's system might include proprietary techniques and methodologies not disclosed here.

Analysis Overview




Payment Fraud


Look-alike Domain


Account Verification

Impersonated Party


Impersonated Brands


See How Abnormal Stops Emerging Attacks

See a Demo