Dear Friends in Christ,


We want to bring an important issue to your attention: an increase in phishing scams targeting churches and individuals in our diocese. These scams often involve emails or text messages that appear to come from clergy or church leaders, asking for money, gift cards, or sensitive information.


It’s important to know that these scams are not the result of a security breach in the diocese. Scammers use a variety of tactics to make their phishing emails seem convincing. They often impersonate trusted individuals such as clergy or church leaders by using similar-looking email addresses, a tactic known as "spoofing." Their messages typically create a sense of urgency, claiming that the sender needs help immediately—often requesting gift cards, wire transfers, or personal information. Other scammers may spoof institutional emails and include links to fake websites designed to steal login credentials. Unfortunately, there is no way for the diocese to prevent these scams from occurring, but we can work together to recognize and avoid them.

PHISHING EMAIL – SPOOFED ADDRESS

This email did not come from Bishop Akiyama—it’s a phishing scam! Here are some clear red flags:


  • Incorrect title: Bishop Akiyama would not refer to herself as "Rev." in official communications.
  • Suspicious email address: "pastoronline226@gmail.com" is not a diocesan email. Always check the sender’s actual address!
  • Unusual urgency and secrecy: Scammers often say they need help "discreetly" and discourage phone calls to prevent verification.
  • Poor grammar and punctuation: "Hello.Do you have some time.I have a request…" is not how our Bishop would communicate.

If you receive a message like this, do not reply! Instead, report it as phishing in your email platform and delete it.

FAKE WEBSITE DESIGNED TO STEAL LOGIN CREDENTIALS

This is not the real PayPal login page—it’s a scam designed to steal your account information. Here are some key red flags:


  • Suspicious URL: The real PayPal website is paypal.com, not "paypal--accounts.com." Scammers often use similar-looking web addresses to trick you.
  • Not Secure: This page lacks a security certificate—look for "https://" and a padlock icon in the address bar when visiting legitimate, secure sites.
  • Urgency or Threats: Many phishing sites claim your account is locked or needs urgent verification to pressure you into acting quickly.


What to do: Never enter your login details on a page you don’t fully trust. Always go directly to the official website by typing the address into your browser yourself. If you suspect a phishing attempt, report it and avoid clicking any links!

Here’s how you can protect yourself and your parish:


  • Be skeptical of unexpected requests for money, gift cards, or sensitive information, even if they seem to come from someone you know.
  • Verify before you act—if you receive a suspicious message, contact the person directly using a known phone number or email.
  • Check email addresses carefully—scammers often use addresses that look similar but have small differences.
  • Avoid posting sensitive contact information online, such as parish directories or staff email lists.


If you receive a phishing email, do not reply, click on links, or send money. Most email platforms allow you to report phishing—look for an option to "Report Phishing" or "Mark as Spam" in your email settings. Reporting these messages helps improve email security and can prevent future scams. Or, you can simply delete the email. If you’re unsure about a message, please reach out to your church office or the diocesan staff for guidance.


By staying informed and vigilant, we can protect ourselves and one another from these fraudulent schemes. Thank you for your attention to this important issue. If you have any questions or concerns, please contact communications@ecwo.org.


Faithfully,


Paul Schutz

Director of Communications

The Episcopal Church in Western Oregon

MORE RESOURCES


General Phishing Awareness & Prevention



Email & Online Account Security



Reporting Phishing Attempts