Stop! I need your attention for a moment.
Stop everything you are doing right now and read this article. I promise you and your parishioners will be glad you did.
Cybercrime has been infiltrating our lives at home and in our parishes for years.
Parishes and religious communities are being targeted by a phishing scam where the attacker poses falsely as the priest and asks the recipient for money. It often begins like this. An email arrives in an unsuspecting person's inbox from an email address that is similar to but different than the priest's email address, something like [email protected] (notice the typo!) or [email protected].
The email might read something like:
Have you got a minute? I need you to complete a task for me discreetly.
P.S.: I'm going into a meeting now and can't talk, so just reply.
The parishioner then might respond saying that he's willing to help. If your priest asked you to help him with something, of course, you would say yes, right? The attacker is leveraging the trust that exists in parish communities between the priest and the parishioner. He then may reply with:
Okay good. I need you to get me some gift cards, I have a few people I want to send gifts to. Let me know if it's possible for you to do get them right now so I can tell you which product we would need and the amount, you will be reimbursed.
Does it sound suspicious? Yes!
Is it possible this is legitimate? Absolutely not! I can guarantee that your priest will never ask you to do something like this.
If you receive something out of the ordinary, be sure to ask! Call your priest or the church office to find out more. Or contact us (see below)!
So, the scam may continue like this:
What I need is an iTunes gift card of $400 face value (200 x 2). You'll get the physical cards at the store, scratch the back out and send me the pictures of the back of the cards revealing the pin here, you can keep the physical cards for me.
Once the parishioner sends the photos of the cards to the attacker, the money has now been transferred to the control of the attacker. Some parishioners across the Archdiocese have already been tricked into giving away hundreds of dollars!
What Can We Do About this?
The most important thing that can be done is education. Educate yourself and your parishioners about emails and phone scams like this.
A clergyman will never reach out to his parishioners via email to request financial assistance, or in this case, gift cards.
If email requests ever seem questionable
- Do not reply to the message, click on any links, or download any attachments.
- Try to verify the email by contacting the person or business directly via phone. Do not use the contact information provided in an email or a website connected to the request; instead, check your personal records or contact lists, or for a business, a previous statement or bill, for contact information.
Check out the links below for more information.
How to Report a Cybercrime
If you or your parishioners have become victims of a cybercrime, be sure to report it immediately to us and the following Federal agencies:
- Federal Trade Commission: https://www.consumer.ftc.gov/blog/2019/07/worshipers-targeted-gift-card-scam
- FBI: https://www.fbi.gov/tips
- Archdiocese Tech Support System: https://www.goarch.org/contact/helpdesk
Additional Articles to Learn More
- What is a Phishing Attack and Tips for Protecting Yourself https://blogs.goarch.org/blog/-/blogs/what-is-a-phishing-attack-and-tips-for-protecting-yourself
- New Phishing Scam Uses Church Pastors’ Names as Bait https://www.consumeraffairs.com/news/new-phishing-scam-uses-church-pastors-names-as-bait-031919.html
- Scammers Pose as Pastors in Email, Ask Faithful to Buy Gift Cards https://cruxnow.com/church-in-the-usa/2019/04/scammers-pose-as-pastors-in-email-ask-faithful-to-buy-gift-cards
- Webinar: CISA Physical Security and Cyber Security https://support.goarch.org/security
From the Departments of Internet Ministries and Information Technology, this bulletin insert provides important information about phishing scams.
- Color: https://bulletin-inserts.s3.amazonaws.com/internet-ministries/cyber-security-bulletin-2019-10-17-color.pdf
- Black & White: https://bulletin-inserts.s3.amazonaws.com/internet-ministries/cyber-security-bulletin-2019-10-17-bw.pdf