Email Phishing Scam
  • Recent Issues
    • Zoom 5.0 upgrade required
    • May 15 COVID-19 Update
    • May 7 COVID-19 Update
    • Bishop's Easter Message
    • Join us tonight at 8:30 for a 15-min diocesan-wide Easter Vigil
    • Ring the Bells Update
    • Zoom Meeting Safety
    • We're Ringing Our Bells to Say Thank-You
    • Candles and Prayers for Hope
    • Bishop's Pastoral Letter Re: Easter, Weddings and Funerals
  • Subscribe
  • Visit Website

IMPORTANT NOTICE: EMAIL SCAM

Anglican Diocese of British Columbia
Email Phishing Scam

IMPORTANT NOTICE: EMAIL SCAM

Protect Yourself

Good evening;

Today, another one of our parishes fell prey to a pervasive email scam. This is a part of a new series dedicated attacks that are designed to mimic the look and feel of an internal email and churches like ours our prime targets.

 “Spear Phishing” represents a new style of attack; the best protection is vigilance. When receiving an email, especially one that is related to money or personal information, treat it as suspicious until verified.  

Here are the key steps our diocesan IT company recommends:  

1) Check the sending address.

All senders have the ability to set a personalized Display Name. That Display Name is completely separate from the email address: For example: If someone changed the Display Name on bishop@gmail.com to Logan McMenamie it will appear as if the bishop is contacting you, even though he isn't.

This is how the email is designed to work and will not be picked up as spam or blocked based on Display Name alone. To verify the 'true' email address click on the From line above the email, it should display the actual email address instead of the Display Name. If it looks like it's coming from an unknown email address, it is a phishing attack and should be immediately blocked and deleted. 

Because our diocese uses standardized emails at both the synod level and the parish level it is easier to identify official emails related to our organization. They will either end with @bc.anglican.ca or the domain address of your parish website e.g. @stmikesvictoria.ca. 

2) Verify the information.

If you get a suspect email, don't reply to it. Instead send an email to the person's correct address verifying the information. Or better yet, call or text them just to be sure.  

3) Block the sender. 

The way to do this will vary depending on your email client. If in doubt, search for how in your search engine or ask someone to help you. 

4) If you suspect that your account is hacked, or if you're worried that you accidentally responded to a Phishing attack please call your IT or email service provider to notify them. Unfortunately if you have provided the fraudsters with personal information or sent them money, there is little that can be done to retrieve it. But, letting your service provider know may help them in their efforts to fight these attacks.

5) Ensure that your parish is not publishing on its website (directly on or in documents) the personal email addresses of anyone in your congregation.

Further information on Spear Phishing can be found here: https://resources.infosecinstitute.com/5-ways-to-identify-a-spear-phishing-email/    

Please pass this information on to your contacts to help them keep their digital information safe and to protect themselves from this widespread fraud.

Thank you!

 

Catherine Pate

Follow us on Facebook and Instagram

Facebook Logo Instagram Logo
900 Vancouver Street
Victoria, BC
Canada V8V 3V7

250.386.7781

synod@bc.anglican.ca