There has recently been a serious increase in the number of phishing scams targeting religious organizations, including the staff of St. Bernard and St. Matthew, with emails appearing to be sent from Fr. Rick. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies or persons to induce individuals to reveal personal information, such as passwords and credit card numbers.
Below is an example of a phishing email in which the scammer impersonated Fr. Rick. Numerous emails were exchanged between the parties before the scammer asked for the gift cards.
There are some simple ways to tell whether this is a legitimate email or a phishing attack. The easiest way to tell is italicized, bolded, and underlined below: the email address in italics, bold, and underlined is not Fr. Rick’s real email. His real email is “firstname.lastname@example.org”.
*** Sample Email ***
From: Father Rick <email@example.com>
Sent: Wednesday, August 1, 2018 1:10 PM
To: Admin Asst (HF/SJJ) <firstname.lastname@example.org>
Subject: Re: God bless you
Good to hear from you, its my niece birthday and I need to get her an iTunes gift card that I promised her as a birthday gift but I can't do this right now because I'm currently busy checking on a friend at the hospital. Can you get it from any store around you? I'll pay you back.
*** End of Sample Email ***
Can you stop these emails?
Actually no. We can add the email address to a block list, but typically the attacker just creates a new email address and sends another wave of attacks.
Is Father’s email hacked or compromised?
Most likely not. If Father's email was fully compromised, the attacker would have sent the email directly from Father's email.
What should I do if I have been scammed by a phisher?
Do not respond via email and call the parish office to check.
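The sender-address check described above can also be automated at the mail gateway, and unlike a block list it still works when the attacker switches to a new address. The following is an added example, not part of the original notice: it flags any message whose From display name looks like Fr. Rick but whose address is not his real one. The name list, the second attacker address and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed policy data: display names staff recognise, and the only address
# those names may legitimately arrive from (the placeholder used in the notice).
PROTECTED_NAMES = {"father rick", "fr rick"}
REAL_ADDRESSES = {"firstname.lastname@example.org"}

def sender(raw_message):
    """Return (display name, lower-cased address) from the From header."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    return name, addr.lower()

def normalize_name(name):
    """Lower-case, drop punctuation, collapse spaces: 'Fr.  Rick' -> 'fr rick'."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", name.lower()).split())

def is_impersonation(raw_message):
    """True when the display name is protected but the address is not the real one.

    This covers display-name impersonation only. A message that forges the real
    address in From is a separate problem, handled by SPF/DKIM/DMARC checks.
    """
    name, addr = sender(raw_message)
    return normalize_name(name) in PROTECTED_NAMES and addr not in REAL_ADDRESSES

def blocklist_hit(raw_message, blocked):
    """The block-list approach: matches only addresses already seen."""
    return sender(raw_message)[1] in blocked

def make(from_header):
    """Build a constructed sample message with the given From header."""
    return f"From: {from_header}\nSubject: Re: God bless you\n\nI'll pay you back.\n"

# Constructed samples: two attack waves from different addresses, one genuine
# message, and one unrelated sender.
FIRST_WAVE = make("Father Rick <email@example.com>")
SECOND_WAVE = make('"Fr. Rick" <office.mail@example.net>')
GENUINE = make("Father Rick <firstname.lastname@example.org>")
UNRELATED = make("Parish Office <office@example.org>")
BLOCKED = {"email@example.com"}  # added after the first wave
```

With these samples the block list catches only the first wave, while the display-name check flags both waves and leaves the genuine and unrelated messages alone.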