News

Phishing

More vigilance needed as impersonators use our church members to solicit money or your attention!

Dear parishioners,

The issue of “phishing” where e-mails are culled from various websites and then recipients receive fake e-mails from clergy asking for someone to contact them (or to send money) has plagued St. Paul’s for many years. When we updated our website last year, we discovered many of your e mails were already accessible (ministry leaders) and being used to solicit money. Even though we tightened security with a new e mail security program 18 months ago, many of our e mail addresses are already in the hands of these criminals, so our vigilance cannot cease.

This week, a friend reported someone alleging to be me had shared news about a large grant on Instagram (I don’t even have an Instagram account) and was soliciting money from my Facebook friends. The Rector’s Warden had a similar solicitation asking for information and because it seemed to come from her, our office staff sent her an updated parish directory in a PDF form (addresses and phone numbers without e mails. We are very sorry about this and are alerting you to the possibility you may begin to receive phone solicitations allegedly coming from St. Paul’s. Although these scammers prefer to use e mails, we are concerned the parish mailing list may be used to engage people directly. Do not give any information to anyone calling from St. Paul’s without knowing them personally. If in doubt, take their number and let us know you are being called.

First of all, the church membership financial information remains secure and no-one, other than two employees have access to it. Fortunately, we have not had a breach of security through ransomware attacks, so all of your personal and financial records are still safe and held at the office (credit card info, etc.). So that is good news. For example, I just received a note from Lowes and Home Depot that because of a security breach in their systems, they advised me to change my password. I am sure you are familiar with these major corporate challenges, but the problem I am describing at St. Paul’s does not require a response other than to be more vigilant.

So, please assume that any e mail or Facebook request that seems unusual, may have different or unusual spelling, and may be asking you to contact me (or others in leadership like Ruth) is fake. I will never ask you to send me money to me or the church and usually if I want to contact you I will pick up the phone and call you directly. Do not respond to e mails where the senders handle may even look like mine, but close examination will show it is not actually canon@stpaulschestnuthill.org.

This will not change when Fr. Eric comes. I expect you will be getting e mails from another fake account pretending to come from Eric, so pay attention and if there seems to be something suspicious going on, ask us or let us know. We will announce Eric’s new e mail in a couple of weeks. Special attention needs to be paid to his introduction to the parish and well wishers may let their guard down thinking Eric may be reaching out to them. The same vigilance and attention that is needed around my e mail handle will be needed for Eric.

These episodes are more frequent than any of us might care to admit. Last week, an out of state bank called me about check someone was cashing from (another) St Paul’s church with my personal phone number printed on the check!. It was good the bank called me and after asking for a photo of the check, I reported this was simply a fraud disguised as a Covid 19 relief check from a church. There are many scams going on right now and I suggest you read about a recent report compiled by AAA.

This is unfortunately, our new normal. If we find an increasing number of parishioners are receiving more than usual phishing e mails or unusual calls, we can report it to the FBI for investigation, so please be careful and let us know of any unusual requests you are getting in the coming weeks.

Remember, if it is too good to be true, it probably is! We will never ask you for money or to contact us using these deplorable methods. Check the e mail handle of the sender and report to us, if it is allegedly coming from staff or lay volunteers. If you are suspicious or seem something is out of character or irregular, trust your instinct.

Sincerely,
Albert J. Ogle

+