Last Sunday, some Trinity parishioners and staff members received some very strange emails that appeared to be from Fr. Gerry. An image of one of them is below.
Let’s count the number of things wrong with this, shall we?
- He doesn’t use a gmail address – he will always email you from his address at TrinityWoodlands.org.
- GOD BLESS U “name” doesn’t make any sense, and is likely a failed attempt to personalize the message with the recipient’s name.
- The language doesn’t sound like him, does it? Fr. Gerry would definitely spell out “You” rather than shorten to “U.” I have it on good authority that his grammar, spelling, and punctuation are always on point, even in text messages. “Thanking and Regards” is just not his style.
Stranger messages followed this one, but I’ll spare you the details. This is what is called phishing: an attempt to get personal information or money by posing as a reputable or trustworthy company or individual. Phishing has been around for a long time, but reports of phishing doubled from 2014 to 2015. Attacks have grown increasingly sophisticated as well, with company logos perfectly rendered and messages appearing completely legitimate. And the potential damage of identity theft can be devastating.
Here’s a short list of tools for protecting yourself from phishing:
- If something about the message seems off – even just a little – stop and review it carefully before you open or click.
- Look at the sender’s email address. Hover over the name and see what address is revealed. If the display name is Wells Fargo but the email address is anything other than email@example.com, don’t click anything. This is much easier to do on your computer than on your smart phone.
- The text of the message will often have misspellings and poor writing overall.
- The context of the message is important – would Fr. Gerry ask you for a personal loan? Would your bank ask you for your social security number? If the request is unusual, that’s a red flag.
- If the sender needs something urgently, especially money or for you to log in to a website, don’t click anything. Call the person or company to verify.
There are a number of additional resources available if you want to educate yourself further. This article covers a number of things to look out for and shows how easy it can be to fall for a phishing attack. There is also an anti-phishing non-profit organization that tracks the data on phishing, and aggregates information on these scams from the FBI, Better Business Bureau, FDIC, and more on their resources page. Stay Safe Online, part of the National Cyber Security Alliance, covers all aspects of online safety, including all forms of phishing. Their whole website is great; this page covers phishing.
Hackers are a fact of digital life, because they succeed often enough to make it worthwhile. Stay safe and use the tools available to be informed.