Over the past few days, several parishioners have reported receiving emails from scammers pretending to be Fr. Jim, requesting help obtaining iTunes gift cards. The first email is a request for a “quick favor” and asks the recipient to email back as quickly as possible. If the recipient replies to the email, “Fr. Jim” responds that he is very busy and needs help getting iTunes gift cards for a cancer patient (or for another charity or cause.) The scammer directs the recipient to purchase an iTunes gift card, scratch off the back to reveal the PIN, then email a photo of the PIN as quickly as possible.
First and foremost, please know that neither Fr. Jim, nor anyone else at the Collaborative (nor any other legitimate organization) will ever request donations via iTunes or other gift cards, money orders, or wire transfers.
This scam, and others like it, have targeted churches and other nonprofits nationwide, and several area parishes have recently been hit. The emails are not being sent from an actual Collaborative email account – our systems have not been “hacked.” They are sent from newly created public email accounts that are designed to look similar to a Collaborative email account.
If you receive such an e-mail, DO NOT REPLY. Please forward the email to firstname.lastname@example.org, so we can follow up with the RCAB IT Office, and then delete it.
Please read the tips below, which will help you to spot this type of email scam and other like it. If you have any questions, please email or call Tricia Amend Bombara, IT and Communications Coordinator (781-235-0045 or 781-235-1060.)
SOME TIPS FOR SPOTTING EMAIL SCAMS
1. The email seems to be from a reputable source – usually someone you know – but the actual email address is off.
With scam emails, the “From” will have the expected name, but the actual email address will be a public email address, like @gmail.com or @yahoo.com. For example, in this recent scam the email was sent from: <email@example.com>. Fr. Jim’s actual email address is: <firstname.lastname@example.org>.
Any legitimate email from the St. John-St. Paul Collaborative will come from a @sjspwellesley.org, @stjohnwellesley.org, or @stpaulwellesley.com email address. If you are ever unsure about an email that purports to be from someone at the St. John-St. Paul Collaborative, please call either parish office (SJ: 781-235-0045 or SP: 781-235-1060) or email us at: email@example.com
2. The tone of the email creates a sense of urgency.
Scam emails will create a sense of urgency in the hope that you will act quickly, without the usual caution. Sometimes, as in this recent example, it is done by pretending to be someone you know who is in urgent need of help. Other types do this by warning that one of your accounts has experienced suspicious activity or is about to expire; often, you won’t even have an account of this type, which makes you fear that someone has stolen your identity. These are huge red flags. If you receive this type of email, contact the person or organization directly using the contact details you already have for them or that are on their legitimate website. Never use any contact details or click any links provided in the email.
3. The email contains poor spelling and grammar.
You can often detect a scam email by the way it is written. Everyone makes an occasional grammar mistake or spelling error, but if the writing style is very different from what is typical for the sender, and/or it contains multiple spelling mistakes and poor grammar, that should be a big red flag.
4. The email asks for personal information.
Regardless of how legitimate an email message may appear, it is always a red flag if the message asks for personal information. A reputable organization or company will never send an email asking for passwords, credit card numbers, or the answers to security questions. Never click on any links provided in an email that requests personal information.
5. The email message sounds too good to be true, or something just doesn’t look right.
The old saying “if something seems too good to be true it probably is” is especially true when it comes to email messages. Similarly, if you receive an email message that makes you question it’s legitimacy, even briefly, it’s probably for a good reason.