From the Episcopal Diocese of Maine’s Weekly News for Clergy and Lay Leaders, various dates
Phishing in churches
Please beware of email and text “phishing” in Maine churches. Fraudulent email and text requests for money wire transfers and gift cards—or even a simple “favor”—in the names of Bishop Brown and other clergy continue to circulate around our diocese.
The names on these attempts may be familiar, but the email address or phone number used will not be the one you know. No one from the Bishop’s office will ask you for gift cards or similar items (for themselves or for others) via email or text, nor will the Bishop contact you asking for a “favor.” Please don’t answer these messages!
Nobody’s email or phone has been “hacked.” Phishing and whaling are when someone creates a NEW email or profile to impersonate a real person. Mark these phishing or whaling scams email addresses as spam, block, and report them to your provider. Phone numbers should be blocked. You may also report these attempts to the government here on the Department of Homeland Security page.
Below are some of the top warning signs that an email may be a scam:
- Generic greetings and/or generic signature line
- Urgent or threatening language
- Unsolicited requests for personal information
- Discrepancies between the email address and “from” name
- Odd or vague requests for help
- Misspellings, obvious typos, and grammatical errors
- Suspicious links and attachments (do not click on suspicious links and do not download files or attachments from unknown sources)
Learn more:
“Whaling” email attacks: How to foil them from the Diocese of Newark
Phishing Scams Targeting Pastors: Who’s Next? from Government Technology
Please stay safe! Take caution in responding to any message that seems unlikely or suspicious.
Direct Deposit Scams Are Targeting Church Payroll
A recent incident here in the Diocese is a good reminder that payroll fraud doesn’t always look like an obvious scam email full of typos and urgent threats. Sometimes it appears to be a completely normal, polite conversation—one that a scammer has simply inserted themselves into.
How the Scam Works
Here’s the pattern our payroll team recently encountered:
-
- A “staff member” (scammer) emails their parish or administrator, asking to update their direct deposit information after switching banks.
- The administrator responds appropriately, providing the correct form and directing the request to the diocesan payroll contact.
- A few days later, the “staff member” follows up with the diocesan payroll office—but this time from an email account that doesn’t match any address used earlier in the thread and is now posing as the admin asking for the bank change instead of the original “staff member”—pressing payroll to confirm that the direct deposit change has been made and asking for the effective date.
- The message is repeated once or twice, with mild urgency, hoping payroll will simply confirm the change without double-checking who’s actually asking.
If payroll confirms the change (or worse, processes a new change based on instructions from that follow-up), the employee’s next paycheck could be routed straight into a scammer’s account instead of their own.

Red Flags to Watch For
- A mismatched email address. The original request came from one address; the “confirmation” request comes from an unrelated personal Gmail (or Yahoo, Outlook.com, etc.) account, not the organization’s domain.
- Inserting into an existing thread. Scammers often reply into a real, legitimate email chain to borrow its credibility, rather than starting a fresh message.
- Requests to “just confirm” rather than provide new information—this is designed to feel low-risk and routine, so it doesn’t trigger scrutiny.
- Minor language inconsistencies—awkward phrasing, unusual grammar, or a tone that doesn’t quite match the person’s normal writing style.
- Gentle repetition or urgency—a second or third follow-up message nudging for a fast confirmation.
What Admin Staff Should Do
- Never confirm or process a direct deposit change based on email alone, especially if the request comes from an address that doesn’t match the employee’s known church or diocesan email.
- Verify out-of-band. Call the employee directly using a phone number already on file—not one provided in the suspicious email—before confirming or changing anything.
- Treat “just confirming” requests with the same scrutiny as new requests. Fraudsters often use a soft follow-up to test whether payroll will let their guard down.
- When in doubt, loop in the diocesan finance director or diocesan payroll office before taking any action on a banking change.
The Bottom Line
Direct deposit fraud doesn’t need to hack anything—it just needs one person to skip a verification step. A quick phone call to confirm identity, every time banking information changes, is the simplest and most effective safeguard we have.
If you receive a suspicious request like this, please forward it to the diocesan finance office rather than replying directly.
Church Directory Phishing Scam
The latest variant of identity-theft/phishing scams is to send an email to a church staff person, pretending to be a warden or vestry member, and asking for a digital copy of your parish directory. They’ve hit a ton of parishes in New England this week. So make sure your staff or volunteers don’t fall for this one…
Remember, scammers use email or text messages to trick you into giving them your personal information by making the message appear as though it is from someone you know and trust. Here are some tips to help you stay safe online.
- Don’t click on links that might be suspicious.
- Verify, using a method other than email, if a request for information is legitimate.
- Never send money or personal information (names, addresses, social security numbers, etc.) without confirmation
For more information visit the FTC’s How to Recognize and Avoid Phishing Scams
3 Steps to Secure Your Facebook Business Page from Hackers
Are you an admin for your church’s Facebook page? If so, please read the below!
Hackers are stealing control of Facebook Business Pages and posting misinformation, hijacking credit cards, and running up huge ad bills. How exactly are they doing this?
Hackers are targeting the personal Facebook accounts of individuals who have admin access to business accounts. Click here to read an article about how to protect your business page and your personal profile by taking a few simple precautions.
More about Phishing attempts
Phishing attempts, often in the form of fraudulent email and text requests for money wire transfers and gift cards in the names of Bishop Brown or clergy or other leaders, continue to circulate around our diocese.
The Cybersecurity and Infrastucture Security Administration (CISA) has published a new, useful infographic to help protect organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly each bait type succeeds in tricking the targeted individual. It also provides detailed actions organizations and individuals can take to prevent successful phishing operations—from blocking phishing attempts to teaching individuals how to report successful phishing operations.
Phishing, Hacking…and Banking?
We often share with you tips and tricks to thwart phishing or hacking attempts.
Well, a new one has recently come to our attention.
Recently, a “bad actor” has repeatedly tried to open bank accounts and apply for financial loans using a forged pay stub pretending to be from a church of the Diocese. In this process, at least one identity, including a social security number, has been compromised. The fraudulent applications were all made online, not in person at a bank location. Law enforcement and bank management are involved in this case.
Please be careful about protecting your church’s banking and other important information and change passwords regularly on all electronic accounts.
Here’s an example of a recent phishy email sent to a parish administrator “from” the new priest. It’s too easy to fall for this. Please remain vigilant!

Should you suspect illegal or fraudulent activity on any congregational account, please:
- Notify your financial institution immediately.
- File a report with your local law enforcement agency.
- Notify Sherri Quint