Cybersecurity Information & Resources
From the Episcopal Diocese of Maine’s Weekly News for Clergy and Lay Leaders, various dates
Phishing in churches
Please beware of email and text “phishing” in Maine churches. Fraudulent email and text requests for money wire transfers and gift cards in the names of Bishop Brown and other clergy continue to circulate around our diocese.
The names on these attempts may be familiar, but the email address or phone number used will not be the one you know. No one from the Bishop’s office will ask you for gift cards or similar items (for themselves or for others) via email or text. Please don’t answer these messages!
Nobody’s email or phone has been “hacked”. Phishing and whaling are when someone creates a NEW email or profile to impersonate a real person. Mark the email addresses used in these phishing or whaling scams as spam, block them, and report them to your provider. Phone numbers should be blocked. You may also report these attempts to the government here on the Department of Homeland Security page.
Learn more:
“Whaling” email attacks: How to foil them from the Diocese of Newark
Phishing Scams Targeting Pastors: Who’s Next? from Government Technology
Please stay safe! Take caution in responding to any message that seems unlikely or suspicious.
Church Directory Phishing Scam
The latest variant of identity-theft/phishing scams is to send an email to a church staff person, pretending to be a warden or vestry member, and asking for a digital copy of your parish directory. They’ve hit a ton of parishes in New England this week. So make sure your staff or volunteers don’t fall for this one…
Remember, scammers use email or text messages to trick you into giving them your personal information by making the message appear as though it is from someone you know and trust. Here are some tips to help you stay safe online.
- Don’t click on links that might be suspicious.
- Verify, using a method other than email, if a request for information is legitimate.
- Never send money or personal information (names, addresses, social security numbers, etc.) without confirmation.
For more information visit the FTC’s How to Recognize and Avoid Phishing Scams
3 Steps to Secure Your Facebook Business Page from Hackers
Are you an admin for your church’s Facebook page? If so, please read the following!
Hackers are stealing control of Facebook Business Pages and posting misinformation, hijacking credit cards, and running up huge ad bills. How exactly are they doing this?
Hackers are targeting the personal Facebook accounts of individuals who have admin access to business accounts. Click here to read an article about how to protect your business page and your personal profile by taking a few simple precautions.
More about Phishing attempts
Phishing attempts, often in the form of fraudulent email and text requests for money wire transfers and gift cards in the names of Bishop Brown or clergy or other leaders, continue to circulate around our diocese.
The Cybersecurity and Infrastructure Security Administration (CISA) has published a new, useful infographic to help protect organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly each bait type succeeds in tricking the targeted individual. It also provides detailed actions organizations and individuals can take to prevent successful phishing operations—from blocking phishing attempts to teaching individuals how to report successful phishing operations.
Phishing, Hacking…and Banking?
We often share with you tips and tricks to thwart phishing or hacking attempts.
Well, a new one has recently come to our attention.
Recently, a “bad actor” has repeatedly tried to open bank accounts and apply for financial loans using a forged pay stub pretending to be from a church of the Diocese. In this process, at least one identity, including a social security number, has been compromised. The fraudulent applications were all made online, not in person at a bank location. Law enforcement and bank management are involved in this case.
Please be careful about protecting your church’s banking and other important information and change passwords regularly on all electronic accounts.
Here’s an example of a recent phishy email sent to a parish administrator “from” the new priest. It’s too easy to fall for this. Please remain vigilant!
Should you suspect illegal or fraudulent activity on any congregational account, please:
- Notify your financial institution immediately.
- File a report with your local law enforcement agency.
- Notify the Rev George Cooper.