Don’t be a phishing victim

Other Manual Translations: 한국어 Português Español

Members and leadership of The United Methodist Church are increasingly the targets of “phishing” emails designed to pass along viruses and steal personal information for use in identity theft.

“Spam, scam and phishing emails and texts aren’t anything new,” said Danny Mai, chief operations officer at United Methodist Communications. “However, increasingly, scammers are targeting more and more unsuspecting people using the guise of people in authority. It seems The United Methodist Church and its leadership has become a focus recently.”

Danny Mai (left) with Irene Kashala Tsheleka from the Democratic Republic of Congo during a 2017 training session for communicators in Ndola, Zambia, conducted by United Methodist Communications. File photo by Kathleen Barry, United Methodist Communications.
Danny Mai (left) with Irene Kashala Tsheleka from the Democratic Republic of Congo during a 2017 training session for communicators in Ndola, Zambia, conducted by United Methodist Communications. File photo by Kathleen Barry, United Methodist Communications.

Scammers use a variety of tricks to con people out of their passwords, bank account or Social Security numbers to illegally access their personal accounts. Thousands of phishing emails are sent every day and many are successful, according to the Federal Trade Commission. In 2019, the FBI’s Internet Crime Complaint Center received 467,361 complaints and recorded more than $3.5 billion in losses to individuals and businesses.

One email making the rounds is a classic pyramid scheme, asking United Methodists to contribute an amount of money and promising that much more money will be sent back to them in return. No United Methodist church agency would ever offer such a program.

“Giving is part of the joy of the holidays,” said Bishop Elaine Stanovsky of the Greater Northwest Episcopal Area, which encompasses the Alaska, Oregon-Idaho and Pacific Northwest conferences.

“But we should all make sure to review any online giving request carefully, even if it looks like it is coming from a trusted person or organization. I hate the thought that trusting people might be cheated by someone asking for money in my name without my knowledge.”

Bishop Elaine Stanovsky preaches during a May 20 worship service at the 2016 United Methodist General Conference in Portland, Ore. File photo by Paul Jeffrey, UM News.
Bishop Elaine Stanovsky preaches during a May 20 worship service at the 2016 United Methodist General Conference in Portland, Ore. File photo by Paul Jeffrey, UM News.

Anyone who receives a financial request from a bishop should verify it before sending a gift by contacting the office of that bishop or the Council of Bishops, said the Rev. Maidstone Mulenga, director of communications for the Council of Bishops.

“We are truly living in strange times when people would use names of bishops to scam someone out of their money,” Mulenga said. “If you get an email purporting to be from a bishop asking for financial help, please double check that the email is from that bishop.”

Publically listing contact information has been a method for pastors and others to make themselves assessable. Unfortunately, it also allows scammers to get hold of the same information.

“Recently after email fraud here in New Jersey, we reviewed some of our current practices and are taking steps to address securing email addresses of individuals (in the conference),” said Bishop John Schol of the Greater New Jersey Conference. “We are also communicating that information in our conference journal may not be used to gather email and mail addresses for bulk use by an individual or organization.”

Bishop John R. Schol presides over the closing business session of the 2016 United Methodist General Conference in Portland, Ore. File photo by Mike DuBose, UM News.
Bishop John R. Schol presides over the closing business session of the 2016 United Methodist General Conference in Portland, Ore. File photo by Mike DuBose, UM News.

United Methodist Communications has been working on eliminating public lists of emails from various places, in particular the popular Find-A-Church data bank, Mai said.

“Find-A-Church relaunched in early 2020 with a new form-based contact feature, allowing searchers to still reach out to churches without an easy ability for harvesters to scrape emails from listings,” Mai said. “This is a first step, but there is still more to do to minimize sophisticated and targeted harvesting attacks on data.”

Administrators should review their websites with an eye toward omitting listings of email addresses or PDFs with email addresses in them, he said.

“Consider placing some sort of human challenge (username/password, captcha, etc.) in front of the information that doesn’t prevent true searchers from accessing information, but does slow down automated script attacks,” Mai said.

Here are some tips for spotting phishing emails and eliminating threats:

  • • Phishing emails often try to induce panic to encourage victims to reveal information without thinking it through. Common strategies include warning about suspicious activity or log-in attempts, claiming payment or personal information needs updating, including fake invoices and urging clicking on a link to make a payment or get a refund or coupon.

     

  • • Sometimes when approaching a church audience, a phishing email will use a heart-tugging message or story to stir sympathy and encourage generosity. Although church institutions do encourage giving in various ways, be on the lookout for messages that seem manipulative and come through unusual channels.

     

  • • Emails that come from peculiar email addresses should be treated with caution. Criminals sometimes take care to include the name of a legitimate sender or a recognizable logo in the text of an email, but a check of the actual email address where it originates is often a giveaway of a phishing email.

     

  • • Check for spelling, grammar and punctuation mistakes and be on the lookout for awkward writing. Legitimate companies check for such errors before allowing a mass email to be sent.

     

  • • Beware of hyperlinks. Hover over before clicking on them and see if the link looks accurate. Sometimes scammers purchase a domain name similar to the one they are purporting to be, so inspect it carefully.

     

  • • Attachments, especially from an unknown or suspicious company name, should be treated with caution. Clicking on the wrong attachment can lead to viruses or malware being installed on computers and networks. Even if an attachment looks valid, scanning it with antivirus software is recommended.

Patterson is a UM News reporter in Nashville, Tennessee. Contact him at 615-742-5470 or [email protected] To read more United Methodist news, subscribe to the free Daily or Weekly Digests.


Like what you're reading? Support the ministry of UM News! Your support ensures the latest denominational news, dynamic stories and informative articles will continue to connect our global community. Make a tax-deductible donation at ResourceUMC.org/GiveUMCom.

Sign up for our newsletter!

UMNEWS-SUBSCRIPTION
Faith Stories
GW Stark, the son of a United Methodist preacher, refashions his father’s sermons from the 1950s through the 1970s into podcasts from his home in Franklin, Tenn. Photo by Mike DuBose, UM News.

Sermons revived 25 years after pastor’s death

The Son of a Preacher Podcast refashions vintage sermons by United Methodist pastor the Rev. Wallace A. Stark as bite-size podcasts, with commentary from his son, GW Stark.
General Church
Ongoing financial challenges, made worse by the pandemic, have prompted big changes for the United Methodist Publishing House. The self-supporting agency has sold its Nashville, Tennessee, campus (pictured here) to a Chicago real estate firm, and has transferred the assets and management of a pension fund to Wespath Benefits and Investments. File photo by Mike DuBose, UM News.

Publishing House moves pension plan, sells campus

The United Methodist Publishing House, hard hit by the pandemic, has finalized some planned changes, including the sale of its Nashville property and transfer of a pension plan to Wespath.
Evangelism
A solar-powered radio allows Tunui Metuni to listen to Trinity FM while tending his family’s livestock in Samburu County, Kenya. After the closure of schools in 2020 because of COVID-19, the church radio station began broadcasting school programs to children in a local language. Trinity United Methodist Church raised money in the community to donate 200 radio sets to vulnerable families. Photo by Faith Wanjiru, UM News.

Church hits airwaves to reach vulnerable communities

COVID-19 church lockdown births new way of livestreaming worship services and sharing messages of hope, as well as vital information.