How to reduce harm from “phishing” email fraud
In the diocesan office this week, we’ve seen an increase in reports of a type of email fraud called “phishing.” Scammers will set up a new email address using the name of someone you trust: your rector, your bishop, or a member of the diocesan staff. Then they’ll email you to ask you for money, ask you to open a link, or ask you to open an attached file.
Here’s an example:
If you look closely, you’ll see that spammer has set up an email account with the email address terry[a]4ever.com.hk. And in place of their real name, they’ve put the email address of the rector of a parish here in CNY. If someone wasn’t looking closely, they might click the link and end up inadvertently downloading a virus.
You can learn to spot and avoid these attacks and help keep your congregation and diocesan community safe from email fraud.
What can I do about this?
- Learn about phishing and how to spot it. This article from the Episcopal Diocese of Newark is a great resource: “‘Whaling’ email attacks: How to foil them.“
- Check email addresses closely before opening attachments or clicking links, and never provide personal information, cash, or gift cards over email. If in doubt whether an email is fraudulent, pick up the phone and call the person.
- Help protect others by spreading the word. Here’s an example announcement you could make, or add to your worship bulletin or newsletter:
Email fraud alert: Members of our diocese have reported increased levels of email fraud attempts lately. Spammers are sending emails posing as your rector/priest, your bishop, members of the diocesan staff, or other trusted individuals. Please check email addresses carefully before opening attachments or clicking links, and never provide personal information, cash, or gift cards over email! Learn more at cnyepiscopal.org/phishing
- Change your email password regularly, and keep it secure.