Churches, clergy and congregations are vulnerable targets for scammers, phishers and frauds who use high tech means to solicit money and play on the grace and caring that is a part of being a United Methodist.
Churches, clergy and congregations are vulnerable targets for scammers, phishers and frauds who use high tech means to solicit money and play on the grace and caring that is a part of being a United Methodist.
Greater New Jersey clergy and office staff have already experienced this. Scammers send emails from fake accounts that look like they are coming from conference staff or GNJ clergy. The emails ask for money or try to engage in an exchange about a problem which will lead to a request for money.
While this activity is almost impossible to stop, in April, GNJ staff participated in Security Awareness Training with Kokua Technologies to learn how to identify and protect against email fraud, identify scams and malware.
GNJ is actively working to minimize this problem. In addition to regularly including email fraud alerts in the Digest and putting resources on the website, Kokua continues to adjust and monitor email filters. They also recommend the following guidelines for churches.
- Be wary of giving away confidential information: This can be either an email or phone call requesting confidential information or a tech support company posing as Microsoft or Kokua Technologies requesting you to initiate a remote login session from your device.
- Don’t use an unprotected computer: Avoid accessing sensitive information from a non-secure computer or while on an open-network such as a free-Wi-Fi hotspot, as your data is visible to anyone. You can determine if the website you are accessing is secure by reading the URL. Secure web addresses begin with https: or with a lock symbol visible in the address bar.
- Don’t leave sensitive information in the open: Secure your passwords, private documents and confidential files while in your workspace. Prevent fraud by keeping your passwords hidden and not in plain view such as a label or sticky note on your device.
- Beware of suspicious emails and links: Delete suspicious emails and do not click on links unless you can verify the email is not fraudulent. Hackers try to steal email lists from organizations, as most email address are available through an online search.
- Lock your computer and mobile device when not in use: Keep your important work safe and secure while you are away. Don’t rely on your screen saver to protect your data.
- Password protect sensitive files: Protect your information from threats by opting for password protected files on your device and when using removable storage such as USB drives. Losing a device can happen at any time
- Create Complex Passwords: Use different passwords for each account or website and make them complex by using characters and numbers that are not common words or catch phrases.
- Don’t install unauthorized programs on your work computer or device: Malicious applications can pose as antivirus software, games and computer programs. These applications infect your computer and put your information at risk. For example, conference office computers have Webroot Anti-Virus software that automatically updates twice a day to protect against threats.
- Back up your important data: Save your files and documents on the cloud or a hard drive for retrieval if your computer is infected with spy-ware.
- Stay alert and report any suspicious activity: Verify unusual requests that come through email independently. Instead of replying to the email, call the person or send a new message to the person to a trusted email address. Emails and phone calls can easily be faked with graphics and wording that appear to be from a legitimate source.