Phishing: Don't Take the Bait!


Someone calls the church office describing an emergency, claiming to be a staff member or leader. They have been robbed and need money wired to them ASAP.

Or congregation members receive emails requesting gift card donations for a charitable cause.

Religious groups and congregations are becoming easy targets for these types of scams. It's important for congregational leaders to inform their members about these and similar scams and to educate everyone on the official channels your congregation uses to accept donations.

Hackers are getting more sophisticated every day. The best defense is to encourage your employees, volunteers and congregation members to pause and look for warning signs before responding to any unsolicited email.

Phishing is a form of “social engineering,” whereby a hacker with bad intentions sends an email (or a text, or places a phone call) pretending to be someone the recipient trusts and asks the recipient to take an action that can have adverse effects. Sometimes, they request money. Other times, they invite the recipient to click a link or open an attachment that can trigger malicious code.

A good rule of thumb with emails you’re not expecting is to: (1) reach out to the sender through another channel (call, text, visit their website) and (2) not click on a link (or send money, gift cards, etc.) without confirming with the trusted source.

A gift card scam has been making the rounds of churches of all denominations.

To get a better sense of what to look for when receiving unsolicited emails, try this Google Phishing Quiz.

How Do Scammers Get Our Emails?

If someone is spamming a group of related people with a scam email, there are several possible sources:

  1. The addresses are posted somewhere on the internet. This is more likely than you might imagine, since it's easy to scrape the web for addresses that are posted somewhere (once posted, webpages tend to live a long time).
  2. Scammers have scraped the email addresses out of an email message in someone's mailbox that they've compromised.
  3. Scammers got lucky and found an email address that includes the recipients, like Board@congregation.org.
  4. Scammers found an email list online and subscribed to it to grab the members list.

About the Author

UUA Information Technology Service Staff Group

The Information Technology Services Department develops and maintains the computing infrastructure and information systems necessary to support the mission of each staff group of the Unitarian Universalist Association. Our mission is to provide technical solutions, tools, and support to staff...
