Whaling email scammers hitting churches hard. Here’s how to fight back

Whaling email scammers hitting churches hard. Here’s how to fight back

So you open your email one day and there’s a note from the rector asking you to please help her out by buying gift cards and sending her the serial numbers so she can assist a family in need.

Except – it’s not from your rector. It’s a scam. And it’s targeting church folks by sending emails that appear to be from a church leader.  This is called “phising,” or, when it goes after a higher ranking person, “whaling”.

What can you do? Here is an excellent article on this scam by Nina Nicholson, communication director for the Diocese of Newark, that offers great advice. Please read it all. Here are two important excerpts:

Verify the “from” email

The malicious actors behind “whaling” attacks are counting on people springing into action as soon as they see an important name on an email. You can outsmart them by looking beyond the name and checking the “from” email address to see if it matches what you know the alleged sender’s email to be.

If you only see a name, you can cause the “from” email address to be displayed by hovering the cursor over the name.

Note: This is one of the reasons for the requirement that all people doing diocesan business use edfw.org accounts. It allows the staff to take rapid measures to protect diocesan assets if someone’s account has been compromised.

Confirm requests with a conversation

Even if the email or text seems legit, if a request seems even remotely “off,” don’t act on it until you confirm it with a phone call or face-to-face conversation.

In the case of an alleged message from the bishop, you may want to reach out to [the bishop’s] staff [Janet.waggoner@edfw.org or michele.king@edfw.org]. Don’t reply to the suspicious email or text.

Observing these two steps will go a long way in identifying and avoiding “whaling” attacks before they get their hooks in you.

Here is advice from the Federal Trade Commission on this scam.

Please read it for information on where to report such scams, especially if you did purchase from gift cards.