Phishing/Spoofing Emails - Beware of emails asking for gift cards

By: Chris Hampton, Director of Web and Database Administration

tldr version: Don't open an email from any WNCC Conference Staff or Clergy unless it is from an email ending in @wnccumc.org, @wnccumc.net, or @brtapp.com. If you get one, report it as SPAM - Phishing Email and delete it promptly.

What is Phishing/Spoofing

Phishing email attacks are on the rise. A phishing email is an email you receive from someone pretending to be someone else (pretending to be the Bishop or the Senior Pastor), asking for something in return.

The most common example of this is an email from "Bishop Paul Leeland" asking for you to buy a gift card for him because he is in a meeting. These are fake and you should not respond. In extreme cases, the email asks you to click a link, which then gains access to your computer and collects private information.

How to spot a phishing email?

To spot a phony email, you can generally notice it by looking at the "From" email address. As you notice in the image below, it looks like it is from Bishop Leeland, but it is coming from a Gmail account, a big indicator that this is a fake email. Nobody on Conference staff will ever email you from anything other than their official @wnccumc.org or @wnccumc.net email address. If the email address ends in anything other than that, it is NOT from us.



You can also spot these emails by the content. Conference staff will never ask you to provide confidential financial information, buy gift cards, or ask for your credit card information over email. 

What can be done?

Unfortunately, there is not much that can be done about spoofing and phishing. Different from hacking, spoofing and phishing simply try to emulate as close as possible the email address of the person it is pretending to be. Hacking involves actual access to the mail server. To be clear, there has been no breach of our email servers by hackers. They simply found the emails by web crawling public websites and are using it to try to trick you. IT staff has implemented increased security measures making it harder for people to gain access to your email address, preventing copying and pasting of an email address and source code obscuring to prevent bots from grabbing information.

What if you receive one?

Don't respond to it. There is no need to forward the email to the person they are trying to emulate. There is no need to forward to IT staff. Instead, your email platform provides ways to report these.

Some great resources, depending on your email platform (all clergy emails with @wnccumc.net are Gmail based) can be found at:
Outlook: https://www.lifewire.com/report-phishing-email-outlook-1174255
Gmail: https://support.google.com/mail/answer/8253?hl=en
Office 365: https://support.office.com/en-us/article/use-the-report-message-add-in-b5caa9f1-cdf3-4443-af8c-ff724ea719d2

As a general rule, you should not respond, but click the arrow beside your emails "Spam" button, and click "Report Phishing Email." This will block it and report it to the email provider. If they receive enough of these, they will typically block the email address permanently.

As always, you can reach out to the IT department or your District Office Administrator for further help and clarification.

For further reading and help spotting these, you should check out: https://www.zdnet.com/article/beware-phony-gift-card-email-scams-heres-why-attackers-love-using-them/