The Diocese has received multiple reports from parishioners receiving scam emails from an imposter who creates an email address using the pastor's name and then sends a phony email asking for money in the form of gift cards. The scam has recently evolved and parishioners are now receiving text messages from the imposter/scammer using the pastor's name and a local telephone number.
Typically, the scam is initiated when the parishioner receives a casual email or text message from the imposter with a subject like, "Many Blessings." The body of the email is written something like, "Good morning, how are you doing?" "I need a favor from you, email me as soon as you get this message." Then the email is signed using the pastor's name.
Unbeknownst to the recipient, he or she replies to an address that is not the pastor's, but an imposter's email address. This type of social engineered attack is commonly referred to as Phishing or CEO Fraud (the latter because the imposter uses the name of a person you trust or have a close relationship and plays on a sense of urgency). The next email usually asks the parishioner to buy gift cards and to transmit the photo of the gift cards with the numbers revealed to the imposter.
What is Phishing?
Phishing is an email or text message that will attempt to trick the recipient into doing something s/he wouldn't normally do (in this case emailing or texting the image of gift cards) because the request seems urgent, yet simple (like sending money, a bank or credit card number, or your email and network credentials). Close examination of the sender's email address will reveal that the address is not a legitimate email address for the actual person (like the pastor). But, it could be easily overlooked because the imposter will create an email address similar to the pastor's (e.g. FrJoe@gmail.com and use FrJoe@aol.com) that incorporates the pastor's name.
DON'T FEED THE PHISH ….
REMEMBER: A pastor or clergy member will never ask for gift cards electronically via email or text message!!
If you would like more information on how to protect yourself on the internet, go to the SANS website and subscribe to the OUCH! Monthly Newsletters.
If you believe you are a victim of an internet crime (no matter what the dollar value), go to the following website to file a report with the FBI Internet Crime Complaint Center. For more information, go to to their website https://www.ic3.gov/default.aspx.
Finally, the Chief Information Officer strongly suggests that all parishes post information in their bulletins for the next few weeks to bring awareness to parishioners about these phishing attacks. If you have any questions, please feel free to contact Philip DeLeon at (916) 733-0299.