Dealing with Email Impersonation
Examples of phishing email:
In recent months, the diocese has heard from a number of clergy and lay leaders that they are receiving phishing emails that appear to come from members of the mission support staff (including Bishop Brown) and from diocesan clergy, and that ask for money, gift cards, or other favors. Other emails mimic parish and support staff and are sent to parishioners and clergy. In this scheme, cybercriminals use a free email account with an impersonated name to mimic priests, bishops, and leaders, as well as church and diocesan staff. Criminals typically pose as personnel in positions of authority, send an email to an unsuspecting recipient, and ask victims for money transfers or gift cards. Others ask the victim to pay invoices or to send the attacker sensitive data, and in some cases the emails mimic Facebook notifications. In these cases, the scammers will often manipulate the ‘from’ email address and name so that the message appears to come from someone you know. In recent weeks, these scams have exploded across all denominations.
Below are a few suggestions:
- Check sender details carefully. Any suspicious email message should be investigated before replying. Pay careful attention to the actual email address, to the message content, attachments (don’t open if suspicious), and URLs.
- When in doubt, or if anything looks suspicious, call: If there are questions about any email, NEVER reply or open an attachment. Instead, pick up the phone and call the mission support office – 302.256.0374.
- Label it spam: If your email service has the ability, report the email as spam.
- Know your church or organization’s policies regarding email: For example, no member of the Mission Support Office, including Bishop Brown, will ever request funds or assistance via email.
- Look out for other issues: Scams are not just about emails. Callers may identify themselves as the IRS or other institutions and request money. These types of scams will target everyone, particularly the elderly.
- Always review and update your own passwords! Do not type your passwords into documents (e.g., an Excel spreadsheet or Word document); rather, use a trusted online password manager.
Going forward, if you or your church receives any suspicious emails, you can notify the United States Computer Emergency Readiness Team, or US-CERT, part of the Department of Homeland Security. Information and links are below:
- Report Phishing Attacks: the United States Computer Emergency Readiness Team has an Incident Reporting page for reporting email phishing, as well as an email address to which you can forward phishing messages, at https://www.us-cert.gov/report-phishing
- Tips from the Department of Homeland Security Cyber Infrastructure Section
- Questions? Call Cynde Bimbi at the mission support office, 302-256-0374, extension 106