We’ve received reports that new email spoofing incidents are being sighted by the faithful. These new spoof emails, which are attempts of online money scams, are mimicking emails addresses that may look like those used by the priests and religious in our Archdiocese.
This is a repeat of similar incidents which took place in July 2018 and was reported here.
These spoof emails usually start with an innocent question or remark which draws a response from the recipient. For example “I need a favor from you, please email me back”. If the email recipient replies, he/she identifies himself/herself as a potential victim to the scammers.
Be wary when receiving emails from addresses you are not familiar with. And when in doubt, contact the person by other means.
Read on to empower yourself and learn how to handle spoof/fake/fraudulent emails.
How to spot a spoof/fake/fraudulent email?
- The email address is different from the organisation’s regular domain name (e.g. catholic.org.sg)
- It is sent from a different address (usually a free email account) than what is usually used by the sender
- The email was completely unexpected, uncharacteristic of the sender and out-of-the-norm
- It may use a greeting or salutation that you’re not familiar with or seems out-of-the-ordinary
- It may contain spelling, grammatical errors or sentence structures which seems abnormal
- It may contain an urgent call-to-action or a request for urgent help (e.g. log in to your account now, or an appeal for urgent help)
- It may start with quick question or remark which draws a response from the recipient (e.g. Are you available, I have an Urgent Request)
- It may request for your assistance to purchase an electronic voucher or gift card because the sender cannot for whatever reason
- It may request for personal information such as user name, password, etc and may lead to an official-looking website (always double-check online for official website addresses)
What should I do if I receive a spoof/fake/fraudulent email?
- Do not reply to the email or contact the sender in any way. If you do, you identify yourself as a potential victim to the scammers
- Do not open any attachments or click on any links on the email. It may lead to a virus or malware infection
- Report the spoof/fake/fraudulent emails to the respective email service providers. Learn how to do it here (read Part 2 – Reporting Scams on Different E-mail Accounts)
What should I do if I’ve already got scammed or provided sensitive information?
- Contact the police and make a report here
- Contact the relevant organisation/s that you may have given details about (eg. your bank, credit card company, etc)
Note: Members of clergy, the religious, and Archdiocesan organisations without catholic.org.sg email accounts should request for an account now.
ArchComms, 17 Sep 2019