Over the past three weeks, some members of the church have received suspicious text messages claiming to be from Rev. Jon Luopa and asking them to purchase gift cards for staff members on his behalf. These messages were efforts by scammers to trick people into taking action that was not in their interest, simply by leveraging the members’ inherent trust in their minister and in their church. These and related kinds of social engineering scams have become more and more common around the world and lead to billions of dollars in losses to individuals and corporations every year.

The member portal and directory used for UUC Connect is based on cloud software from ACS Technologies. They work very hard to keep this environment secure through password-protected logins and managed user-permission levels on secure cloud servers. However, information maintained in this secure environment can be copied into external resources and lists by authorized users for legitimate reasons related to church activities and programs. Unfortunately, after any data has been copied into an external resource, such as a file on a personal computer hard drive or attached to an email message, that data associated with UUC is no longer secure and can become a target for hackers to use in scam emails or text messages.

So what do phishing emails and text message scams look like? How do you recognize them and test them to make sure you are not being misled?

According to ACS Technologies, you can tell a typical phishing email because “there’s a sense of urgency in the message and the scammer wants you to take action quickly. There may also be a threat of some immediate negative consequence if you don’t do as they ask. The scammer may pretend to be the pastor, a staff member, or someone in your church. Malicious emails can easily appear to come from trusted sources. They may even include a reply to an email you just sent.” Do not take any action or reply to an email that asks you to do something or give information that is extraordinary or unusual, given your typical interactions with the church and its members and staff.

The text message scam is especially effective because of how personal those text messages can feel, especially when they are from your church. According to ACS Technologies, “it’s fairly cheap and easy to spoof a phone number, which makes this a popular scam. Using the church helps to legitimize the text and increases the scam’s success. If the story is believable, most people will want to help their church.” They recommend looking for the following flags:

• Your pastor texts you and asks for your credit card number or other personal information.
• You’re asked to give to your church in a new, unconventional way.
• There’s a sense of urgency behind the request.
• You weren’t expecting to receive a text from the sender, or you have never received a text from the sender before.

If you receive such a text, do not reply to it. You should report it as junk or a scam to your carrier or messaging app provider if they offer such a feature. You can also use the instructions offered by the Federal Trade Commission < https://consumer.ftc.gov/consumer-alerts/2019/07/worshipers-targeted-gift-card-scam> to report a texting scam.

If you are the victim of a phishing email or a text scam—that is, if you follow the scammer’s instructions far enough to actually lose money—you are strongly encouraged to get in touch with legal authorities. This happens to countless people every day, so please do not hide the fact that you have lost money to a scammer out of embarrassment or shame. The FBI has set up an Internet Crimes Complaint Center (https://www.ic3.gov/) specifically for filing complaints and reports of cyber crime. It also contains a great deal of general information and tips for recognizing and protecting yourself from many forms of internet-enabled criminal activities.

February 2, 2024

* "Smishing" is a term for online fraud ("phishing") committed via a SMS (text) message.