Don’t be a phishing victim

Other Manual Translations: 한국어 português español

Members and leadership of The United Methodist Church are increasingly the targets of “phishing” emails designed to pass along viruses and steal personal information for use in identity theft.

“Spam, scam and phishing emails and texts aren’t anything new,” said Danny Mai, chief operations officer at United Methodist Communications. “However, increasingly, scammers are targeting more and more unsuspecting people using the guise of people in authority. It seems The United Methodist Church and its leadership has become a focus recently.”

Danny Mai (left) with Irene Kashala Tsheleka from the Democratic Republic of Congo during a 2017 training session for communicators in Ndola, Zambia, conducted by United Methodist Communications. File photo by Kathleen Barry, United Methodist Communications.
Danny Mai (left) with Irene Kashala Tsheleka from the Democratic Republic of Congo during a 2017 training session for communicators in Ndola, Zambia, conducted by United Methodist Communications. File photo by Kathleen Barry, United Methodist Communications.

Scammers use a variety of tricks to con people out of their passwords, bank account or Social Security numbers to illegally access their personal accounts. Thousands of phishing emails are sent every day and many are successful, according to the Federal Trade Commission. In 2019, the FBI’s Internet Crime Complaint Center received 467,361 complaints and recorded more than $3.5 billion in losses to individuals and businesses.

One email making the rounds is a classic pyramid scheme, asking United Methodists to contribute an amount of money and promising that much more money will be sent back to them in return. No United Methodist church agency would ever offer such a program.

“Giving is part of the joy of the holidays,” said Bishop Elaine Stanovsky of the Greater Northwest Episcopal Area, which encompasses the Alaska, Oregon-Idaho and Pacific Northwest conferences.

“But we should all make sure to review any online giving request carefully, even if it looks like it is coming from a trusted person or organization. I hate the thought that trusting people might be cheated by someone asking for money in my name without my knowledge.”

Bishop Elaine Stanovsky preaches during a May 20 worship service at the 2016 United Methodist General Conference in Portland, Ore. File photo by Paul Jeffrey, UM News.
Bishop Elaine Stanovsky preaches during a May 20 worship service at the 2016 United Methodist General Conference in Portland, Ore. File photo by Paul Jeffrey, UM News.

Anyone who receives a financial request from a bishop should verify it before sending a gift by contacting the office of that bishop or the Council of Bishops, said the Rev. Maidstone Mulenga, director of communications for the Council of Bishops.

“We are truly living in strange times when people would use names of bishops to scam someone out of their money,” Mulenga said. “If you get an email purporting to be from a bishop asking for financial help, please double check that the email is from that bishop.”

Publically listing contact information has been a method for pastors and others to make themselves assessable. Unfortunately, it also allows scammers to get hold of the same information.

“Recently after email fraud here in New Jersey, we reviewed some of our current practices and are taking steps to address securing email addresses of individuals (in the conference),” said Bishop John Schol of the Greater New Jersey Conference. “We are also communicating that information in our conference journal may not be used to gather email and mail addresses for bulk use by an individual or organization.”

Bishop John R. Schol presides over the closing business session of the 2016 United Methodist General Conference in Portland, Ore. File photo by Mike DuBose, UM News.
Bishop John R. Schol presides over the closing business session of the 2016 United Methodist General Conference in Portland, Ore. File photo by Mike DuBose, UM News.

United Methodist Communications has been working on eliminating public lists of emails from various places, in particular the popular Find-A-Church data bank, Mai said.

“Find-A-Church relaunched in early 2020 with a new form-based contact feature, allowing searchers to still reach out to churches without an easy ability for harvesters to scrape emails from listings,” Mai said. “This is a first step, but there is still more to do to minimize sophisticated and targeted harvesting attacks on data.”

Administrators should review their websites with an eye toward omitting listings of email addresses or PDFs with email addresses in them, he said.

“Consider placing some sort of human challenge (username/password, captcha, etc.) in front of the information that doesn’t prevent true searchers from accessing information, but does slow down automated script attacks,” Mai said.

Here are some tips for spotting phishing emails and eliminating threats:

  • • Phishing emails often try to induce panic to encourage victims to reveal information without thinking it through. Common strategies include warning about suspicious activity or log-in attempts, claiming payment or personal information needs updating, including fake invoices and urging clicking on a link to make a payment or get a refund or coupon.

     

  • • Sometimes when approaching a church audience, a phishing email will use a heart-tugging message or story to stir sympathy and encourage generosity. Although church institutions do encourage giving in various ways, be on the lookout for messages that seem manipulative and come through unusual channels.

     

  • • Emails that come from peculiar email addresses should be treated with caution. Criminals sometimes take care to include the name of a legitimate sender or a recognizable logo in the text of an email, but a check of the actual email address where it originates is often a giveaway of a phishing email.

     

  • • Check for spelling, grammar and punctuation mistakes and be on the lookout for awkward writing. Legitimate companies check for such errors before allowing a mass email to be sent.

     

  • • Beware of hyperlinks. Hover over before clicking on them and see if the link looks accurate. Sometimes scammers purchase a domain name similar to the one they are purporting to be, so inspect it carefully.

     

  • • Attachments, especially from an unknown or suspicious company name, should be treated with caution. Clicking on the wrong attachment can lead to viruses or malware being installed on computers and networks. Even if an attachment looks valid, scanning it with antivirus software is recommended.

Patterson is a UM News reporter in Nashville, Tennessee. Contact him at 615-742-5470 or [email protected] To read more United Methodist news, subscribe to the free Daily or Weekly Digests.


Like what you're reading?  United Methodist Communications is celebrating 80 years of ministry! Your support ensures the latest denominational news, dynamic stories and informative articles will continue to connect our global community.  Make a tax-deductible donation at ResourceUMC.org/GiveUMCom.

Sign up for our newsletter!

umnews-subscriptions
Mission and Ministry
Custodian James Jimmerson disinfects a microphone to prevent any possible spread of the coronavirus at Belmont United Methodist Church in Nashville, Tenn., on Sunday, May 10, following online worship, which is recorded in the sanctuary. As churches considered returning to in-person worship, cleaning measures are one of many factors leaders considered. “I believe my job, my part in this, is to make sure people are safe in here,” Jimmerson said. File photo by Mike DuBose, UM News.

COVID-19 is top church story of 2020

The church response to the COVID-19 pandemic was voted the top United Methodist news story of 2020 by conference communicators in the U.S., Africa, Europe and the Philippines and UM News staff.
General Church
The parking lot of the United Methodist Publishing House in Nashville, Tenn., stands mostly empty on Monday, Dec. 14, 2020. Employees have worked remotely during the COVID-19 pandemic. The health emergency also has caused Publishing House revenues to drop, prompting layoffs and a decision to put the headquarters up for sale. Photo by Mike DuBose, UM News.

Publishing House among pandemic victims

With church buildings closed due to COVID-19, the United Methodist Publishing House has seen sharply lower sales and had to take severe cost-saving steps.
General Church
Mark Doyal. Photo courtesy of the Michigan Conference.

Churches must adapt to historic disruption

Amid the upheavals of 2020, churches have an opportunity to embody God’s Kingdom in new ways.