In Layman's Terms: Don't fall for spoof of bishop's email
The folks who like to wreak havoc with email and get you to pay for things they want are getting more and more sophisticated.
It wasn’t all that long ago that many of us were receiving emails from sudden royalty in Nigeria or some other country who just needed a little money to leave their homeland for the United States. If you were to give this person your bank account numbers or wire him or her money, the person could escape and would pay you with millions of dollars upon arrival in the United States.
It was a far-fetched story that most people could see through quite easily. But scammers now are aiming lower, and they are making their schemes look more and more realistic.
This week, many people in the Great Plains Conference – at least based on notifications in my email – received what is known as a “spoof” email from Bishop Ruben Saenz Jr. It’s somewhat ominous because the subject line reads “URGENT!!!!!!!!” Technically, the bishop’s email was not hacked. Nobody sent an email from his actual email. Instead, it’s a spoof: It looks like it came from him, but in fact it came from someone else entirely.
A screen shot of the email I and many others received is below:
Now, in my case, I do sometimes receive an email from the bishop asking if I’m busy so I can help with a project of some kind. But several things in this email immediately set off warning lights in my mind (I won’t share the specifics because I don’t want to clue in the people who do this kind of thing). But the easy one that I want everyone to look at when they receive a suspect email – or even an email that isn’t suspect but comes from someone you regularly receive correspondence from, such as the bishop – is the “from” line.
Take a closer look at that screenshot.
Yes, it says it’s from Bishop Ruben Saenz. But the actual email address clearly reads “firstname.lastname@example.org.” That’s clearly not an @greatplainsumc.org email address. And as I share with new pastors in the Great Plains Conference, we will only send official emails from the episcopal office or the conference office from our @greatplainsumc.org email addresses to your @greatplainsumc.org email addresses.
What makes this latest spoofing email so concerning is that it sounds personal, but it also at times includes a scam to steal from you, using the bishop’s good name in the process. Based on what I’ve received from a few people who received this email, sometimes the email went on to say that the bishop needed assistance by a person buying $100 iTunes cards. They are told the bishop is in meetings and needs this for something he is doing at the time. The person is to buy the card with their own money and then scratch the card to reveal the code, take a photo of that number and send a picture of it to that email address.
In effect, it’s using the bishop’s name to tell a person to buy an iTunes card and then send it to the thief who sent the email. The thief gets free iTunes or app store access. You’re out $100.
Please don’t fall for it. The bishop is more than capable of doing his own shopping. Trust me when I say he won’t ask you to buy anything on his behalf.
And if he wants to send you an email, you will clearly see the @greatplainsumc.org in the actual address.
Todd Seifert is communications director for the Great Plains Conference of the United Methodist Church. He can be reached via phone at 785-414-4224, or via email at email@example.com. Opinions expressed are the author's alone and do not necessarily reflect the views of the Great Plains Annual Conference or the United Methodist Church. Follow him on Twitter, @ToddSeifert.