One of the facts of life in our modern digital world is that there will be people trying to get money or goods fraudulently through phishing scams. One happened recently to one of the churches in our diocese, with an email purportedly from their priest sent to a number of people asking for assistance or a favor. Regrettably, the perpetrators were successful and the church is working with law enforcement to recover the funds.
Spear phishing is especially difficult because the perpetrator has the name of the sender or the recipient of the email and uses this to gain trust.
There is no way to stop these scams from occurring. But by being vigilant, the risks can be minimized or averted. Here are some steps to take.
- Check the return email address. If the address doesn’t match the name of the sender, be wary.
- Never open attachments from unknown sources, especially those with .exe extensions.
- Be wary of generically addressed emails like Dear Friend or Dear Customer.
- If there are links in the email, hover over them without clicking on them. This will show where the link will actually take you.
- Watch for grammatical or spelling errors in the text of the email.
- Check the address at the bottom of the email. If it says “Pastor Jim” and Jim never goes by “Pastor”, it’s fake.
Finally, if after all these steps it looks safe and the sender is asking for money or access to secure data, call the person directly to get verification.
Your best defense is to simply delete the email; do not click on any links or reply to the sender.
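The mechanical checks in the list above (sender name against address, .exe attachments, generic greetings, and links whose visible text differs from where they really go) can also be run by a mail administrator's script. The Python below is an added example, not part of the original article; the address book, the `.example` addresses and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: address book of real contacts (constructed values).
KNOWN_SENDERS = {"jim smith": "jim@stmarks.example"}
GENERIC = re.compile(r"\bdear\s+(friend|customer)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN = re.compile(r"[\w.-]+\.[a-z]{2,}", re.I)

def check_email(raw):
    """Return checklist warnings for one raw email message."""
    msg, warnings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        warnings.append(f"name '{name}' does not match address {addr}")
    for part in msg.walk():
        filename = part.get_filename() or ""
        if filename.lower().endswith(".exe"):
            warnings.append(f"executable attachment: {filename}")
        if part.get_content_maintype() != "text":
            continue  # only text parts are scanned for greetings and links
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        if GENERIC.search(body):
            warnings.append("generic greeting")
        for href, text in LINK.findall(body):
            shown = DOMAIN.search(text)  # domain the reader sees
            real = (urlparse(href).hostname or "").lower()  # real target
            if shown and shown.group(0).lower() != real:
                warnings.append(f"link shows {shown.group(0)} but opens {real}")
    return warnings

# Constructed sample message, not a real email.
SAMPLE = """\
From: Jim Smith <jim.smith.office@mailbox.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Dear Friend, see <a href="http://login.other.example/x">www.stmarks.example</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"

AAAA
--b1--
"""
```

Calling `check_email(SAMPLE)` returns four warnings. Spelling errors and an out-of-character signature still need a human reader, as does the final phone call to verify any request for money.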