Email Impersonation

Dealing with Email Impersonation

Examples of phishing emails:

The above image shows an attacker mimicking Bishop Brown. The first hint is that Bishop Brown does not and will never send an email or text soliciting assistance. Secondly, the sender address shown for Bishop Brown is not his email address.

The above image shows an attacker mimicking Facebook. What to notice in this email is the ‘From’ and ‘Reply-To’ email addresses, as well as the content: ‘Your Friend’. Facebook would use your friend’s Facebook name. In any case, it is always best to view any new Facebook posts from your Facebook app or browser and not from email notifications.

In recent months, the diocese has heard from a number of clergy and lay leaders that they are receiving phishing emails that ask for money, gift cards, or other favors and that appear to come from members of the mission support staff (including Bishop Brown) and from diocesan clergy. Other emails mimic parish and support staff and are sent to parishioners and clergy. The scheme involves cybercriminals who use a free email account with an impersonated name to mimic priests, bishops, and leaders as well as church and diocesan staff. Criminals typically pose as personnel in positions of authority, send an email to an unsuspecting recipient, and ask victims for money transfers or gift cards. Others ask the victim to pay invoices or send the attacker sensitive data. In some cases, they mimic Facebook notifications. In these cases, the scammers will often manipulate the ‘from’ email address and name so that it appears to be coming from someone you know. In recent weeks, these scams have exploded across all denominations.

Below are a few suggestions:

  • Check sender details carefully. Any suspicious email message should be investigated before replying. Pay careful attention to the actual email address, to the message content, attachments (don’t open if suspicious), and URLs.
  • When in doubt and if anything looks suspicious, call: If there are questions about any email, NEVER reply or open an attachment. Instead, pick up the phone and call the mission support office – 302.256.0374.
  • Label it spam: If your email service has the ability, report the email as spam.
  • Know your church or organization’s policies regarding email: For example, no member of the Mission Support Office, including Bishop Brown, will ever request funds or assistance via email.
  • Look out for other issues: Scams are not just about emails. Callers may identify themselves to be the IRS or other institutions, and will request money. These types of scams will target everyone, particularly the elderly.
  • Always review and update your own passwords! Do not type your passwords anywhere, e.g. an Excel spreadsheet or Word document. Instead, use a trusted online password manager.
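
For a church office that wants to automate the "check sender details" step, here is an added example (not part of the original notice) that flags the pattern described above: a trusted name on a free email account, or a reply address that differs from the sender. The domain `diocese.example`, the name list, and the sample messages are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organization's real mail domain and the
# names that scammers are likely to impersonate. Replace with your own.
ORG_DOMAIN = "diocese.example"
PROTECTED_NAMES = {"bishop brown"}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "aol.com"}


def domain_of(address):
    """Return the lowercased domain part of an email address ('' if none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def check_sender(raw_message):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    warnings = []

    # A trusted name on an address outside the organization's domain.
    if any(p in name.lower() for p in PROTECTED_NAMES) and from_dom != ORG_DOMAIN:
        warnings.append("display name matches a leader but address is external")
    # Free webmail account, as described in the scheme above.
    if from_dom in FREE_MAIL:
        warnings.append("sent from a free email account")
    # Replies would go somewhere other than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_dom:
        warnings.append("Reply-To domain differs from From domain")
    return warnings


# Constructed sample messages (not real emails).
SUSPICIOUS = (
    "From: Bishop Brown <office.rev1234@gmail.com>\n"
    "Reply-To: helper@mail.example\n"
    "Subject: Quick favor\n\nAre you available? I need gift cards.\n"
)
LEGITIMATE = (
    "From: Bishop Brown <bishop@diocese.example>\n"
    "Subject: Newsletter\n\nSee you Sunday.\n"
)

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, check_sender(raw))
```

An empty result does not prove a message is genuine, because the ‘from’ address itself can be forged; when the content asks for money or gift cards, the phone call is still the check that counts.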

Going forward, if you or your church receives any suspicious emails, you can notify the United States Computer Emergency Readiness Team, or US-CERT, part of the Department of Homeland Security. Information and links are below: