Email scam hitting all churches

Dear Parishes and Parish Leaders –
A couple of our parishes have reported recently that some parishioners have received emails or texts purported from a priest, deacon, or other parish leader, asking the recipient to assist them by sending cash, buying gift cards, making money transfers, asking for sensitive data, etc.. Responsible parish leaders would never ask for assistance in this manner. Our elderly are especially vulnerable to these kinds of schemes.
This is happening nationwide and is, of course, a scam. In these cases, the scammers will typically manipulate the “from” email address and name so that it appears to be coming from someone the recipient knows. The email often asks immediate help in order to get a task done (such as purchasing a gift card or wiring money). Nationally there have also been calls and texts that claim to be the IRS, utility companies, and other institutions, requesting money to avoid going to jail or other penalties.
I remember getting an email several years ago that looked like it came from another diocesan staff member. In the preview, I could see the claim was that she was stuck in a foreign country, her wallet had been stolen and so she needed money to get home. (The funny part was I had just gotten off the phone with that staff member.) Another time the email said the person needed bail money and they were too embarrassed to ask anyone else.
Often scammers use real Amazon or Pay Pal or Bank logos to get you to think it’s legitimate and provide a link to click on. (Often if you hover over the link with your mouse without clicking on it, you can see where it will lead. If the email appears to from a place where you have an account, do not click on the link. Simply go to the site yourself and log in.)
The first questions we are always asked is “how did this happen?” “How did they get my number (email, address, etc.)?” Phone numbers, email addresses, etc., are often readily available these days and so figuring out how the scammer got the address or who really is the sender is often virtually impossible.
We’ve said all this before, but here are some things you can do:
• Be vigilant in how you use your computer, other devices and software.
• Check sender details carefully. Any suspicious email message should be investigated before replying. Pay attention to the message content, including attachments and URLs.
• Do not open email you think might be suspicious or just seems odd. You can always call the sender to find out if they had sent you something.
• Do not click on links embedded in an email.
• Do not open attachments if you are not sure of the email’s veracity.
• When in doubt, call: If there are questions about any email, do not open it or reply. Instead, pick up the phone and call the parish or the diocese.
• Let your staff and congregation know that Parish leaders will never solicit funds by email, or that any request must be verified with the office.
• Review and regularly update your own passwords. Do NOT reuse passwords or use the same password on more than one site. Make sure passwords contain a variety of letters, numbers and special characters..

If your church receives any suspicious emails, you can notify the diocesan Communications office and the United States Computer Emergency Readiness Team, or US-CERT, part of the Department of Homeland Security. Information and links are below:
• Report Phishing Attacks: the United States Computer Emergency Readiness Team has an Incident Reporting page to report email phishing, as well as an email to forward them to, at
• Forward all emails to the Anti Phishing Working group at

If you have any questions, please don’t hesitate to contact me.

God bless and Happy Easter!


Candace Neff
Director of Communications
Diocese of Gaylord
Facebook: DioceseofGaylord
Twitter: DioceseGaylord