Don’t be a phishing victim


Members and leadership of The United Methodist Church are increasingly the targets of “phishing” emails designed to pass along viruses and steal personal information for use in identity theft.

“Spam, scam and phishing emails and texts aren’t anything new,” said Danny Mai, chief operations officer at United Methodist Communications. “However, increasingly, scammers are targeting more and more unsuspecting people using the guise of people in authority. It seems The United Methodist Church and its leadership has become a focus recently.”

Danny Mai (left) with Irene Kashala Tsheleka from the Democratic Republic of Congo during a 2017 training session for communicators in Ndola, Zambia, conducted by United Methodist Communications. File photo by Kathleen Barry, United Methodist Communications.
Danny Mai (left) with Irene Kashala Tsheleka from the Democratic Republic of Congo during a 2017 training session for communicators in Ndola, Zambia, conducted by United Methodist Communications. File photo by Kathleen Barry, United Methodist Communications.

Scammers use a variety of tricks to con people out of their passwords, bank account or Social Security numbers to illegally access their personal accounts. Thousands of phishing emails are sent every day and many are successful, according to the Federal Trade Commission. In 2019, the FBI’s Internet Crime Complaint Center received 467,361 complaints and recorded more than $3.5 billion in losses to individuals and businesses.

One email making the rounds is a classic pyramid scheme, asking United Methodists to contribute an amount of money and promising that much more money will be sent back to them in return. No United Methodist church agency would ever offer such a program.

“Giving is part of the joy of the holidays,” said Bishop Elaine Stanovsky of the Greater Northwest Episcopal Area, which encompasses the Alaska, Oregon-Idaho and Pacific Northwest conferences.

“But we should all make sure to review any online giving request carefully, even if it looks like it is coming from a trusted person or organization. I hate the thought that trusting people might be cheated by someone asking for money in my name without my knowledge.”

Bishop Elaine Stanovsky preaches during a May 20 worship service at the 2016 United Methodist General Conference in Portland, Ore. File photo by Paul Jeffrey, UM News.
Bishop Elaine Stanovsky preaches during a May 20 worship service at the 2016 United Methodist General Conference in Portland, Ore. File photo by Paul Jeffrey, UM News.

Anyone who receives a financial request from a bishop should verify it before sending a gift by contacting the office of that bishop or the Council of Bishops, said the Rev. Maidstone Mulenga, director of communications for the Council of Bishops.

“We are truly living in strange times when people would use names of bishops to scam someone out of their money,” Mulenga said. “If you get an email purporting to be from a bishop asking for financial help, please double check that the email is from that bishop.”

Publically listing contact information has been a method for pastors and others to make themselves assessable. Unfortunately, it also allows scammers to get hold of the same information.

“Recently after email fraud here in New Jersey, we reviewed some of our current practices and are taking steps to address securing email addresses of individuals (in the conference),” said Bishop John Schol of the Greater New Jersey Conference. “We are also communicating that information in our conference journal may not be used to gather email and mail addresses for bulk use by an individual or organization.”

Bishop John R. Schol presides over the closing business session of the 2016 United Methodist General Conference in Portland, Ore. File photo by Mike DuBose, UM News.
Bishop John R. Schol presides over the closing business session of the 2016 United Methodist General Conference in Portland, Ore. File photo by Mike DuBose, UM News.

United Methodist Communications has been working on eliminating public lists of emails from various places, in particular the popular Find-A-Church data bank, Mai said.

“Find-A-Church relaunched in early 2020 with a new form-based contact feature, allowing searchers to still reach out to churches without an easy ability for harvesters to scrape emails from listings,” Mai said. “This is a first step, but there is still more to do to minimize sophisticated and targeted harvesting attacks on data.”

Administrators should review their websites with an eye toward omitting listings of email addresses or PDFs with email addresses in them, he said.

“Consider placing some sort of human challenge (username/password, captcha, etc.) in front of the information that doesn’t prevent true searchers from accessing information, but does slow down automated script attacks,” Mai said.

Here are some tips for spotting phishing emails and eliminating threats:

  • • Phishing emails often try to induce panic to encourage victims to reveal information without thinking it through. Common strategies include warning about suspicious activity or log-in attempts, claiming payment or personal information needs updating, including fake invoices and urging clicking on a link to make a payment or get a refund or coupon.

     

  • • Sometimes when approaching a church audience, a phishing email will use a heart-tugging message or story to stir sympathy and encourage generosity. Although church institutions do encourage giving in various ways, be on the lookout for messages that seem manipulative and come through unusual channels.

     

  • • Emails that come from peculiar email addresses should be treated with caution. Criminals sometimes take care to include the name of a legitimate sender or a recognizable logo in the text of an email, but a check of the actual email address where it originates is often a giveaway of a phishing email.

     

  • • Check for spelling, grammar and punctuation mistakes and be on the lookout for awkward writing. Legitimate companies check for such errors before allowing a mass email to be sent.

     

  • • Beware of hyperlinks. Hover over before clicking on them and see if the link looks accurate. Sometimes scammers purchase a domain name similar to the one they are purporting to be, so inspect it carefully.

     

  • • Attachments, especially from an unknown or suspicious company name, should be treated with caution. Clicking on the wrong attachment can lead to viruses or malware being installed on computers and networks. Even if an attachment looks valid, scanning it with antivirus software is recommended.

Patterson is a UM News reporter in Nashville, Tennessee. Contact him at 615-742-5470 or newsdesk@umcom.org. To read more United Methodist news, subscribe to the free Daily or Weekly Digests.


Like what you're reading? Support the ministry of UM News! Your support ensures the latest denominational news, dynamic stories and informative articles will continue to connect our global community. Make a tax-deductible donation at ResourceUMC.org/GiveUMCom.

Sign up for our newsletter!

Subscribe Now
General Agencies
From left, Pacome Nguessan, Matt Crum, Priscilla Muzerengwa, Jennifer Rodia, Ashley Gish, North Katanga Area Bishop Mande Muyombo, Poonam Patodia and Chilima Karima celebrate together at the end of training on regionalization. All but the bishop work for United Methodist Communications. Photo courtesy of United Methodist Communications.

Training shows communications’ importance

African United Methodists who attended training sessions on communication and regionalization spoke of how it would help them tell the good news of the denomination.
Theology and Education
United Methodist communicators smile during training organized by United Methodist Communications in Dar Es Salaam, Tanzania. Communicators from across the African continent joined in back-to-back training sessions on communications and regionalization in mid-October. Photo courtesy of United Methodist Communications.

Debunking disinformation about regionalization

United Methodists from across Africa gathered for training on communications and regionalization. Many have been contending with disinformation about the proposal and the church in general.
General Conference
A Dakotas Conference online Q&A about General Conference matters had answers maliciously changed, the conference reports. Bishop Lanette Plambeck said “the unauthorized edits do not reflect the responses or position of the Dakotas Conference or The United Methodist Church or our delegation (to General Conference).” Logo courtesy of the Dakotas Conference.

Conference online document altered

A Dakotas Conference’s online Q&A about General Conference had answers maliciously changed, Bishop Lanette Plambeck says.

United Methodist Communications is an agency of The United Methodist Church

©2024 United Methodist Communications. All Rights Reserved