May 29, 2019 | GNJ News
NEW Alert - 11/12/20
An email from the address (email@example.com) requesting help is being sent to GNJ clergy. This is a fraudulent attempt to solicit you to participate in a scheme to purchase gift cards and send money. DO NOT RESPOND to the email. Please see the suggestions below.
Be On Alert
Church email addresses and pastor emails are publicly accessible from search engines like Google, on church websites, on the GNJ website and in the Find-A-Church application at umc.org. While most people will use this information to find a local place of worship or make contact about a spiritual need, these addresses are also available to businesses for solicitation and to con artists as part of a scam.
GNJ does not endorse these solicitations and any questions about the legitimacy of a solicitation or request using Greater New Jersey Annual Conference or the United Methodist Church should be sent to firstname.lastname@example.org for verification.
- When in doubt, ask the sender whether they sent it. Never use the reply option. Instead, write a separate email to the appropriate person and ask whether they sent you an email containing the request.
- Never open an attachment when you cannot verify the sender and feel confident in the sender.
- Never click on a link when you cannot verify the sender and that the sender can be trusted.
- Never give financial information unless you are authorized to do so and you can verify it is an appropriate request.
- Never approve money to someone who asks for money without going through all official approvals.
What is Phishing?
Phishing is fraudulent email that looks like it is from a reputable source, but seeks to gain personal information, credit card numbers or payment. Periodically we receive reports that someone is phishing using a gnjumc account. It is very hard to prevent someone from phishing an account, but we can offer tips to our clergy and laity on how to identify it so that they do not respond and get caught in a financial scam. The following best practices for identifying phishing emails are recommended by the website phishme.com.
Anti-Phishing Best Practices for Identifying Phish Emails:
- Emails Insisting on Urgent Action: Emails insisting on urgent action do so to fluster the recipient. Usually this type of email threatens a negative consequence if the action is not taken, and recipients are so keen to avoid the negative consequences that they fail to study the email for inconsistencies or indications that it may be bogus.
- Emails Containing Spelling Mistakes: Most companies now employ a spell-checking facility in the email client or web browser to ensure that communications maintain a professional appearance. Emails containing spelling mistakes or grammatical errors are likely indicators that the email is not genuine.
- Emails with an Unfamiliar Greeting: Emails sent by friends and colleagues usually start with an informal salutation. Those addressed to “Dear XXXXX” when that greeting is not normally used, and those containing language not often used by colleagues, are signs the emails could originate from an attacker and should be deleted.
- Inconsistencies in Email Addresses: When an email looks suspicious, check the address against previous emails received from the correspondent to detect inconsistencies.
- Inconsistencies in Links and Domain Names: Links to malicious websites can easily be disguised as genuine links. It is also advisable to hover a mouse pointer over a link in an email to see what “pops up” as an address. If an email claims to be from (say) a business contact, but the pop-up indicates an unfamiliar website, the email is likely a phishing email.
- Suspicious Attachments: Emails from colleagues with attachments should be treated suspiciously – particularly if the attachment has an unfamiliar extension or one commonly used to deliver malware payloads (.zip, .exe, .scr, etc.).
- Emails That Seem Too Good to Be True: Emails that seem too good to be true incentivize recipients to click a link or open an attachment with the promise that they will benefit by doing so. Typically, recipients have not initiated contact and the sender of the email is unknown to them. These emails should be flagged as suspicious at once.
- Emails Requesting Login Credentials, Payment Information or Other Sensitive Information: Emails requesting login credentials, payment information or other sensitive information should always be treated with caution. By adopting the anti-phishing best practices detailed above, recipients of these emails should be able to determine whether or not they represent a threat, and deal with them accordingly.
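Three of the checks in the list above (address inconsistencies, link and domain inconsistencies, suspicious attachments) can be automated by a mail administrator. The sketch below is an added example, not code from GNJ or phishme.com; the `known_senders` address book, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".zip", ".exe", ".scr")  # extensions named in the list above

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(msg, known_senders):  # known_senders (assumed): name -> usual address
    findings = []
    name, addr = parseaddr(str(msg["From"]))
    expected = known_senders.get(name)
    if expected and expected.lower() != addr.lower():
        findings.append(f"sender: {name} normally writes from {expected}, not {addr}")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXT):
            findings.append(f"attachment: {fname}")
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                # Compare the domain the reader sees with the host the link opens.
                shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
                host = (urlparse(href).hostname or "").lower()
                if shown and host != shown[0] and not host.endswith("." + shown[0]):
                    findings.append(f"link: shows {shown[0]} but opens {host}")
    return findings

def constructed_sample():  # constructed message; every name and domain is made up
    msg = EmailMessage()
    msg["From"] = "Pat Example <pat.example@mail-example.net>"
    msg.set_content('<p><a href="http://login.example.org/x">www.example.com</a></p>', subtype="html")
    msg.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename="Invoice.SCR")
    return msg
```

A message that produces any finding still needs the out-of-band confirmation described on this page; an empty result does not prove the message is genuine.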
When in doubt, confirm.
If you receive an email from GNJ that you think is suspicious, send an email to the person to confirm the request. DO NOT REPLY TO THE EMAIL OR OPEN AN ATTACHMENT IF YOU THINK IT IS SUSPICIOUS. You can forward the email to the appropriate person at GNJ and ask them to verify.