Beware of online scams and impersonations

Online scams and malicious behavior continue to target churches and church leaders. These scams are unlikely to stop, and there is nothing we can do to prevent them.  Awareness and vigilance are our best defense.

Some recent examples:

Bishop Gates on Instagram:

The Instagram handle used by Bishop Alan M. Gates is massbishopxvi.  He does NOT use Instagram’s direct messaging function.  Someone recently created an Instagram account (now disabled) impersonating Bishop Gates, using his photo but with an extra Roman numeral digit in the username. Please be vigilant for fake accounts; do not reply to Instagram direct messaging purporting to be from Bishop Gates; block fake accounts and report them using Instagram’s “It’s Inappropriate” option.

E-mail and text message “phishing” scams continue to proliferate.

Scammers’ tactics vary and evolve, but a common one is to send e-mails or text messages that appear to be from a known organization or trusted church leader (such as a bishop or rector).  They typically ask for urgent help or a favor, and at some stage request that the recipient buy and electronically send gift cards, make donations via money transfer or provide personal information.

Look before you leap, and then look again:  Be skeptical of unexpected e-mail or text message requests to send or spend money or provide urgent assistance.

Important:  Check the sender’s e-mail address for legitimacy before responding or opening any links or attachments.  E-mail from Diocese of Massachusetts bishops and diocesan staff, for example, will come from the designated e-mail domain @diomass.org, NOT gmail.com or other e-mail providers.  (If only a name is displayed in the sender field, try hovering your cursor over the name to display the sender e-mail address.)

In general, treat online appeals for gift cards, money transfers or personal information with suspicion.  If you believe a request may be legitimate, confirm with the actual person or entity, using a phone number or other means of contact that you know to be real (NOT by replying to the message or using contact information, links or attachments provided in a questionable e-mail). 

Church leaders should inform their congregations about these scams and reinforce the message that bishops, clergy and church leaders will never ask for help or donations in this way.

The Federal Trade Commission provides updates about recent scams, by topic, how to recognize the warning signs, and how to report them here:  https://www.consumer.ftc.gov/features/scam-alerts

Zoom-bombing can happen to any group.  Be prepared.

Zoom-bombing tactics also vary and evolve, but a common method is for interlopers to use publicly posted Zoom links to crash meetings and then display inappropriate content and/or abusive commentary. 

Recently an interloper posing as Bishop Gates joined a church’s Zoom worship, using a photo of Bishop Gates and the generic screen name “Zoom User.”  The interloper was detected and removed promptly.

Among the many best practices on Zoom is the recommendation to NOT post meeting links publicly and to instead use the platform’s pre-registration feature.  This reduces risk, and potentially increases ability to identify and report interloper addresses detected via registration and usage reports after the fact.

All churches and groups using videoconferencing platforms should make sure their meeting hosts are familiarized with their platform’s settings and security functions.  Hosts should enable appropriate settings in advance of gatherings, and be ready to use security options during gatherings.

Zoom’s Help Center provides numerous tutorials and guides:  https://support.zoom.us/hc/en-us

Please note these in particular:

February 19, 2021