Be Vigilant: Social Engineering, Email Phishing, and Text Message Scams

It’s the Christmas season and social engineered attacks such as email phishing and text message scams are starting to appear in greater frequency.

Fraudsters are leveraging the opportunity to collect personal and/or corporate information by sending emails that lure unsuspecting victims to click on web links to nefarious websites or attachments. The attachments (such as PDF or Word documents) may be embedded with malware.  The documents or links may also ask for your email or network credentials to authenticate to your account.  DON’T BE TRICKED INTO DIVULGING YOUR PASSWORD, ACCOUNT INFO, or PERSONAL INFORMATION!

Victims have also been receiving emails from scammers who impersonate an individual or a corporate identity with whom you are familiar. The scam uses a sense of urgency to lure the individual to respond immediately by email or smartphone texting.  In some cases, the scammer is simply attempting to scam the victim out of money (like a gift card) or covertly collect personal and/or financial information for use later. The scammer uses a familiar looking name with a phony email address and might even include a photograph.  

This past week, the Diocese has received multiple reports that texts and emails have been received from a scammer impersonating Bishop Soto and pastors of the Diocese.  The imposter has most likely been cleverly collecting email addresses and mobile phone numbers from resources like parish bulletins and related websites. BE SKEPTICAL AND CLOSELY SCRUTINIZE THE ADDRESSES AND PHONE NUMBERS YOU RECEIVE UNEXPECTED EMAIL AND TEXT MESSAGES.  If you are not certain the email or text request is authentic, respond to the individual in person or call the individual using a phone number you know is correct. BUT DO NOT RESPOND TO THE IMPOSTER.

If you have been scammed or compromised via the internet, you should file a complaint with the FBI’s Internet Crime Complaint Center at Attached is a useful resource from SANS Institute regarding social engineered attacks.  If you have any questions, don’t hesitate to contact the Diocese by sending an email to the Chief Information Security Officer, Philip DeLeon, at or calling (916) 733-0299.