Email message scams targeting church members by impersonating clergy
If you receive an email that appears to be from a Saint Matthew staff or council person, asking you to take some kind of unusual action – click a link or download an attachment, wire money to a specified account, purchase gift cards, or simply to reply quickly, watch out – it is probably fraudulent. Because these emails are usually crafted more carefully than your standard “phishing” email, they can be more difficult to detect.
A few people have received fake email messages purporting to be from Pastor Tim. The email accounts in question have not been hacked. Instead, they are being “spoofed” – a fraudulent email account is configured to look like a legitimate one.
Please always verify the “from” email
The people behind these emails are counting on people springing into action as soon as they see an important name on an email. You can outsmart them by looking beyond the name and checking the “from” email address to see if it matches what you know the alleged sender’s email to be. If you only see a name, you can cause the “from” email address to be displayed by hovering the cursor over the name.
All staff emails will come from email@example.com (normally the staff person's first name and the first initial of their last name, for example: firstname.lastname@example.org) and no other variation of staff email addresses are official. We will never write to you from our personal email accounts.
Confirm requests with a conversation
Even if the email or text seems legitimate, if a request seems even remotely “off,” don’t act on it until you confirm it with a phone call or face-to-face conversation.
If you do receive an unusual email from a staff person, you may want to reach out to that person using their contact info in the staff directory. DO NOT reply to the suspicious email. If you receive a fraudulent email, please report the email as "phishing" to your email provider so that they can investigate further.