Phishing Attack on First Church – UPDATE

Brian Heckber

We wanted to provide you with an important update regarding a recent email you may have received from someone claiming to be Darin and asking for help. We identified the issue, confirmed its source, and resolved it within 24 hours. Rest assured, no financial data was accessed. Moving forward, please note that Darin will not make such requests through email.

To help you recognize and avoid similar scams in the future, here are some helpful tips on spotting phishing emails and texts:

How to Spot Phishing Emails/Texts

Phishing emails are fraudulent attempts to obtain sensitive information by pretending to be a trustworthy entity. Here are key indicators to help you identify phishing attempts:

Check the Sender’s Email Address:

  • Display Name vs. Email Address: Don’t rely on the display name alone. Check the actual email address. Phishing emails often use addresses that resemble legitimate ones but with slight variations (e.g., admin@paypa1.com instead of admin@paypal.com, where the “l” is replaced with “1”).
  • Mismatched Domains: Be cautious of emails coming from domains that don’t match the organization’s official website (e.g., an email claiming to be from First Church but sent from @gmail.com).
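
For whoever administers the mailbox, the two sender checks above can be automated. The Python sketch below is an added example, not part of the original notice: the official domain is taken from the reporting address given later in this notice, while the staff-name list, the function names and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumptions: official domain comes from the notice's reporting address;
# the staff-name list is constructed for this example.
OFFICIAL_DOMAIN = "firstchurch.me"
STAFF_NAMES = {"darin"}
# Characters commonly swapped to imitate one another, folded to a single form.
FOLD = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})


def skeleton(domain: str) -> str:
    """Fold look-alike characters so visually similar domains compare equal."""
    return domain.lower().replace("rn", "m").translate(FOLD)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str, official: str = OFFICIAL_DOMAIN) -> list[str]:
    """Return the warning signs found in one From: header value."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    flags = []
    # A matching domain passes this check only; it does not prove the header
    # is authentic (that is what SPF/DKIM/DMARC results are for).
    if domain == official or domain.endswith("." + official):
        return flags
    if skeleton(domain) == skeleton(official) or edit_distance(domain, official) <= 1:
        flags.append("lookalike-domain")
    else:
        flags.append("mismatched-domain")
    # A staff member's name in the display name, sent from an outside domain.
    if any(name in display.lower().split() for name in STAFF_NAMES):
        flags.append("staff-name-from-outside-domain")
    return flags
```
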

Analyze the Email Content:

  • Urgent or Threatening Language: Phishing emails often create a sense of urgency or use threats to make you act quickly without thinking (e.g., “Your account will be suspended if you don’t respond immediately”).
  • Suspicious Links or Attachments: Hover over links (without clicking) to see the actual URL. Be wary if it doesn’t match the official website. Avoid opening attachments unless you are certain they are safe.
  • Generic Greetings: Legitimate companies usually address you by name. Be cautious of generic greetings like “Dear Customer.”
  • Spelling and Grammar Errors: Professional companies typically avoid sending emails with noticeable spelling or grammar mistakes. Such errors can be a red flag.

How to Report Phishing Emails

If you receive a phishing email, follow these steps to report it:

  • Do Not Respond or Click Links: Avoid replying to the email, clicking on any links, or downloading attachments.
  • Report to Your Email Provider:
    • Gmail: Open the email and click on the three vertical dots in the upper-right corner. Select “Report phishing.”
    • Outlook: Right-click on the email, select “Report junk,” then choose “Phishing.”
    • Yahoo: Open the email, click on the three dots, and select “Report phishing.”
  • Report to Your Organization: Forward the email to your IT department or security team so they can take appropriate action. For First Church, please forward suspicious emails to IT@firstchurch.me.

Thank you for your attention to this important matter. Stay safe and secure!