I-Team: Zelle blamed after Lexington teen’s bank account cleaned out by money transfer hackers

BOSTON (CBS) – Lexington High School senior Cogan Lawler was saving money he made teaching viola lessons and doing other odd jobs so he would have spending money in college.

But after hackers got into his phone, he said his entire savings of $1,050 and more was gone.

The family says scammers deposited fake checks totaling about $3,000 into Cogan’s Bank of America account through the mobile app on his phone. The thieves then transferred the money out using Zelle, a popular money transfer service included in the bank’s app.

“It’s pretty frustrating. That was a good amount of money for me,” he said. Because his account was linked to his parents account, the fraudsters were able to withdraw more than what Cogan had in his account.

Since it was fraud, Cogan thought the bank would refund his money, but Bank of America refused, saying the Lexington teen’s face was used to authorize the deposits and the Zelle transfers.

“I didn’t approve it. I didn’t authorize these transactions, that’s just the truth of the matter,” he said.

Looking for answers, WBZ-TV’s I-Team set up a meeting for Cogan and his mom with cybersecurity expert, Peter Tran. Tran says thieves can get into cell phones if a user clicks on texts or links that look legitimate. He also told us facial recognition on cell phones can be hacked.

“Facial recognition isn’t exactly the face, it’s a numerical representation of the face. [It is] different measurements, so it’s just a number. If they take that number and replay it into the app for access it can work,” Tran said.

Created by several major banks and offered within their own apps, Zelle is now a favorite for thieves because once the money is transferred out, it’s nearly impossible to get back.

In 2020, a study by Javelin Strategy and Research found that 18 million people were scammed using payment apps.

“Fraudsters go where the money is,” explained Ted Rossman of Bankrate.com. “They realize that there are vulnerabilities in the system and that they can be creative and kind of exploit it.”

The I-Team contacted Bank of America about Cogan’s case and while they wouldn’t discuss his account information a spokesperson said, “We thoroughly investigate fraud claims and reach a decision based on all the information we have available. We are always willing to reconsider a claim on request from a client.”

But the bank refused to reconsider Cogan’s claim or refund his money. After the theft, the family closed his account and deleted the app along with any evidence that according to Tran, may have proven he was hacked.

In April, Senators Elizabeth Warren and Robert Menendez sent a letter blasting Zelle’s parent company, Early Warning Systems, LLC. The letter criticizes the company for not doing enough to fight scams and protect consumers from thieves.