The U.S. Treasury Department is reporting an increase in the number of “fake email messages” that are proving to be highly effective in scamming the recipients, often costing them thousands of dollars. Sometimes the request is for gift cards, but often it may come as a request for cash, the latter putting your own bank account at risk. Sadly, in many cases, the request for help appears to be coming from your own priest or bishop. The email is, in fact, sent by a hacker using email redirect to impersonate the sender. When you send a payment, the hacker changes the bank details and redirects the funds to his or her own account, NOT to the account of the person you believe you are helping.
The email will look real and you’ll be tempted to offer your assistance, but you should check before responding or providing any assistance.
The Diocese of Orange banking partner, Farmers & Merchants, offers these tips to protect you from email redirect scams.
- Verify first, pay second. Email accounts can become compromised and an email you receive may be fake. If you receive payment instructions in an email from what appears to be a trusted customer or vendor, call the individual who made the request, prior to initiating payment, to ensure it is an authentic request. Never use the phone number listed in an email. Call a phone number you know to be theirs.
- Scrutinize Overpayments. A popular scam is to request a refund by cashier’s check or wire transfer for an alleged overpayment that was deposited into your account. Be sure to question how the overpayment occurred and wait for the initial deposit to clear before initiating a refund.
- Beware of confidentiality. Whenever wire transfer instructions specify keeping the transaction a secret, verbally verify with an authorized individual or the person requesting the transaction.
- Take your time and be cautious. A common red flag is a perpetrator trying to rush a wire transfer or payment.
- Verify Changes. Any time you receive new payment instructions or a change to existing payment instructions, verbally confirm with a trusted source that they sent the request.
- Double Check Email Addresses. A common trick is to slightly modify a trusted email address. For example, firstname.lastname@example.org might be changed to email@example.com. Another common trick is for a fraudster to spoof a display name to look like the email is coming from a trusted source. To verify the sender of a payment request, use your computer cursor to hover over the display name in the “From” field to verify it is the email address of a trusted source. Illegitimate emails will show a different email address.
- Use Forward Instead of Reply. Do not reply to an email with a wire or payment request. Instead, forward the email to the email address that you have on file.
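
For whoever administers parish or office mail, the two checks in the “Double Check Email Addresses” tip (a trusted display name over a different address, and a slightly modified address) can be automated. The Python below is an added example, not part of the bank's or the Diocese's guidance; the address book, names, addresses and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed address book: display name -> address on file (placeholder values).
ON_FILE = {
    "Father John Example": "john.example@parish.example",
    "Accounts Payable": "ap@vendor.example",
}

def _norm(text):
    """Case-fold and collapse whitespace so 'JOHN  Example' equals 'John Example'."""
    return " ".join(text.split()).casefold()

def check_sender(from_header, on_file=ON_FILE, threshold=0.85):
    """Return sorted finding codes for the value of a From: header."""
    name, addr = parseaddr(from_header)
    addr = addr.casefold()
    if not addr:
        return ["unparseable-from"]
    known = {_norm(n): a.casefold() for n, a in on_file.items()}
    if addr in known.values():
        # The address matches one on file. That does not rule out a
        # compromised mailbox, so phone verification still applies.
        return []
    findings = set()
    # Display-name spoof: a trusted name shown over a different address.
    if _norm(name) in known:
        findings.add("display-name-spoof")
    # Lookalike: the address differs from one on file by only a few characters.
    for trusted_addr in known.values():
        if SequenceMatcher(None, addr, trusted_addr).ratio() >= threshold:
            findings.add("lookalike-address")
    return sorted(findings)

if __name__ == "__main__":
    samples = [  # constructed From: header values
        '"Father John Example" <john.example@parish.example>',
        '"Father John Example" <billing@freemail.example>',
        '"Parish Office" <john.examp1e@parish.example>',
    ]
    for value in samples:
        print(check_sender(value) or ["no-findings"], value)
```

A finding is a reason to call the sender on a number you already have, not a verdict; an empty result does not make a payment request safe.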