Phishing Emails 

Many of us have received emails that seem to be coming from leaders of our churches or from leaders in ECMN that seem off. Maybe they’re asking you to send them money, maybe they’re asking you to reach out to them urgently, but the text in the message is misspelled. These types of emails are called email-based impersonation, and are a form of phishing utilized by cybercriminals to get access to your information, or to influence you to send money.

When you look closely, there are telltale indications that these messages aren’t truly from the leaders we think they are, but are examples of Phishing.

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.[1][2] Typically carried out by email spoofing[3] or instant messaging,[4] it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.[5]

There is no way to stop these scams from occurring. However, with some vigilance and a list of things to look for, you can keep yourself and your data safe. 

Here are a few things to look for to determine if a message is, indeed, fraudulent:

  • The return email address: the email sending the message is often something like bishop@gmail.com or the.rt.rev.craiglowa@gmail.com. They might look semi-plausible, but aren’t the actual email of the individual being impersonated. You can expect any email coming from ECMN to come from an account using the domain @episcopalmn.org or @ecmn.org

  • The message: phishing emails often address the recipient as ‘dear friend’ or ‘hello’ but don’t list you or your name in the message.

  • Grammatical errors: phishing emails often have strange grammatical errors or use language, phrases and content that seem out of character for the individual being impersonated.

 

Here’s what to do if you think you’ve received a phishing email:

  • Don’t open any attachments 

  • Don’t click on links

  • If you can, report the email as phishing or spam