scam alert

We get the "the pastor urgently needs a bunch of $500 Apple gift cards for a widow" all the time, but today we got a new one.
Someone picked an elder from our website, created an email address with his name, added his picture and name to the account to help it look even more legit, then used this new/fake account to contact a couple staff members and say "this is my new email address, please update the main database ... oh, and can you also send me a new church directory as a pdf."
Fortunately, I caught wind of it before they actually got anything, but that was a close one. I was starting to help with the directory thing when I started to sense red flags. At that point, I picked up the phone and called the elder. They did not have a new email address.
I had heard about another church that went through a similar thing where the scammer used the fake email to reset their database login. This is why I have chosen to lock down the email field in Arena. I would like to figure out a way to only lock it down if the record is for a person with high database privileges, but until then I've decided only a couple of us can edit emails. And the incident today confirmed why.
  • Thanks for alerting us.

    They are getting incredibly inventive and sophisticated. I saw on NextDoor a member of a local church near me warning about a scam where someone got a hold of their church directory, extracted the phone numbers and then sent out a text from "the pastor" asking for gift cards for a member of the church who was sick and facing financial hardship. 

    When scammers start taking full advantage of AI tools in the next year or two, it is going to be out of control. I think your lockdown of emails (that would seem like an over-reaction before) is a prudent move. I think companies will need to put in place decision tree type tools for requests to change phone numbers, emails etc. Like, "Did the request originate from an existing email? ... If not, did you call a known phone number to confirm the request was legit?"

    Oh, and no church should have their member directory online. Hard no!
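One way to turn the conditional lockdown the original poster wants and the decision tree suggested in the reply into a checkable policy, as an added Python example that is not part of either post or of Arena; the record and request types and their field names are assumptions, not the product's schema:

```python
from dataclasses import dataclass

# Constructed sample types for the thread's scenario; field names are assumptions,
# not the Arena schema.
@dataclass(frozen=True)
class PersonRecord:
    name: str
    email_on_file: str
    has_database_privileges: bool  # e.g. an elder or staff member with a database login

@dataclass(frozen=True)
class EmailChangeRequest:
    target: PersonRecord
    sender_display_name: str         # name shown on the incoming email
    sender_address: str              # address the request actually came from
    new_email: str
    requester_can_edit_emails: bool  # the staff member's own email-edit permission
    confirmed_by_phone: bool         # staff called a number already on file and confirmed

def _norm(s: str) -> str:
    return s.strip().lower()

def display_name_mismatch(req: EmailChangeRequest) -> bool:
    """Flag the trick in the post: the sender's display name matches a person on
    record, but the message did not come from that person's address on file."""
    same_name = _norm(req.sender_display_name) == _norm(req.target.name)
    same_addr = _norm(req.sender_address) == _norm(req.target.email_on_file)
    return same_name and not same_addr

def evaluate_email_change(req: EmailChangeRequest) -> tuple[bool, str]:
    """Decision tree for an 'update my email' request. Returns (allowed, reason)."""
    if not req.requester_can_edit_emails:
        return False, "requester is not one of the staff allowed to edit emails"
    if display_name_mismatch(req):
        # Looks like the impersonation in the post: never act on the email alone
        if req.confirmed_by_phone:
            return True, "name/address mismatch, but confirmed by phone at a known number"
        return False, "sender name matches the record but the address does not; call to confirm"
    from_known = _norm(req.sender_address) == _norm(req.target.email_on_file)
    if req.target.has_database_privileges:
        # Locked-down records: out-of-band confirmation required even from the known address
        if req.confirmed_by_phone:
            return True, "privileged record, confirmed out of band"
        return False, "privileged record: phone confirmation required"
    if from_known or req.confirmed_by_phone:
        return True, "request came from the address on file or was confirmed by phone"
    return False, "unknown sender address and no confirmation"
```

Adding a branch that treats "also send me the directory as a PDF" as a data-export request with the same phone-confirmation rule is a natural extension.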
