If you donate to your church or another institution regularly, you need to use caution due to a new phishing scam making the rounds online- the scammer impersonates your church leader or another leader by email and tries to solicit a “donation.” Many people have given money for apparent good causes that end up going entirely to the impersonator.
Victims of this scam have received emails or text messages claiming to be from their church leader requesting they purchase gift cards for needy parishioners or special projects. The email then instructs the victim to send pictures of the gift card redemption codes to the “church leader.”
Once the thief gets the redemption codes from the victim, the gift cards codes are easy to turn into cash through various online means. Why gift cards? It’s easier to convince someone to send a gift card than a wire transfer and harder for the authorities to trace. Your real church or institutional leader would never email or text you requesting gift cards or ask that you scratch off the codes and email him a picture of them.
People have lost thousands of dollars to this scam, which exploits people’s better natures.
Here’s how you can avoid this, and other online scams, by staying cyber aware online:
This example email is very similar to those that recipients received … “I need you to get an Amazon gift care for some patints going through liver cancer in the hospital and I promised to bring them each a gift card. will pay back as soon as I get back. Let me know if you can get it Much grace to you.”
Always be suspicious of emails or texts with unusual grammar or typos! These are clues that you are looking at a phishing email.
Messages such as this have gone out to churchgoers across the country spoofing bishops, pastors, priests, etc. How do they do this? Scammers can register an email address under the religious leader’s name, or a very similar one, and using an email address that is very similar to the real email address. For example, if your priest is named “Tim Harrison” with an email address of firstname.lastname@example.org, someone could register an email address under the name Tim Harrrison and use the email address email@example.com. When you are just glancing over an email – it could be easy to miss this small change.
Always verify with the apparent sender that she or he did send the email. This is important for telephone solicitations, too.
Never reply to an email or text or click a link without thinking about it. Were you expecting a message from this person? Does the request seem unusual? Are there odd typos/grammatical errors? Does the email address look not quite right? If you pause and think, you will probably save yourself money and heartache.
Want to learn more? A great online resource is the DHS sponsored STOP. THINK. CONNECT. website, here: https://www.stopthinkconnect.org/
Are you a victim of an online scam? You can report it to the FTC here: www.ftccomplaintassistant.gov
Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.