The Diocese of Sacramento has received multiple reports from parishioners receiving scam emails from an imposter who creates an email address using the pastor’s name and then sends a phony email asking for money in the form of gift cards. The scam has recently evolved and parishioners are now receiving text messages from the imposter/scammer using the pastor’s name and a local telephone number.

Typically, the scam is initiated when the parishioner receives a casual email or text message from the imposter with a subject like, “Many Blessings.” The body of the email is written something like, “Good morning, how are you doing?” “I need a favor from you, email me as soon as you get this message.” Then the email is signed using the pastor’s name.

Unbeknownst to the recipient, he or she replies to an address that is not the pastor’s, but an imposter’s email address. This type of social engineered attack is commonly referred to as Phishing or CEO Fraud (the latter because the imposter uses the name of a person you trust or have a close relationship and plays on a sense of urgency). The next email usually asks the parishioner to buy gift cards and to transmit the photo of the gift cards with the numbers revealed to the imposter.

REMEMBER: A pastor or clergy member will never ask for gift cards electronically via email or text message!!

Finally, the Chief Information Officer strongly suggests that all parishes post information in their bulletins for the next few weeks to bring awareness to parishioners about these phishing attacks. If you have any questions, please feel free to contact Philip DeLeon at (916) 733-0299.

Full story at Diocese of Sacramento.