How to avoid fraudulent emails

At any time of year, particularly over Christmas, email scams prey on our personal vulnerabilities. In many cases, certainly in the context of your Church and Congregation, the scammers look to take advantage of your desire to be helpful. Other messages look to prey on a fear of loss, the lure of an easy gain or a fear of missing out. These are just a few examples.

ANYONE can fall victim to an email scam. The advice from your IT Department and Data Protection Officer is the same in all cases, as follows:

1. Treat all incoming email with caution. Don’t just click it: take a breath, pause for a moment and look carefully.

2. Check the email address used to send the email - you can do this by simply hovering your mouse over the sender name if you're using a desktop computer. On smartphones there is often a way for you to see more information about the sender by clicking on a symbol near the sender name. Read it very carefully. If the email claims to be from a Church of Scotland sender, but displays as a Gmail or other free email account, that's a warning that something isn't right. Even if the sender name is a name you recognise, always check the actual email address. If you are in any doubt, leave the message unclicked and delete it.

3. Some scams involve asking you to make a purchase on behalf of someone you would trust. Ask yourself, "Is this something this person would normally ask me to do?" If you are in any doubt, contact the person by phone, using a number you know to be correct (NOT any numbers that might appear in the email). In all cases where you would use a telephone number, NEVER use the number provided in an email message, ALWAYS use a number you are sure is correct (on printed bills for example, or a number you KNOW to be correct).

4. If you are asked to perform an action which sounds unusual, for example “go and buy an Amazon voucher and respond to my email with the code” – don’t do it. If the email looks as though it is from someone you think you can trust, verify with them by telephone. If you can’t verify the instruction, don’t do it.

5. If an offer sounds too good to be true, it IS too good to be true. Delete it without clicking on it.

6. Look out for spelling mistakes. Many scam emails are quite sophisticated nowadays but can give themselves away in their use of poor grammar or spelling mistakes.

7. If the message contains a link and wants you to click on it, check it carefully first (again, hover your mouse over the link without clicking and the true link will be displayed). If you're not sure, don't click on the link and DO delete the email.

8. If after clicking on a link you do find yourself directed to a website, perhaps faced with a form or a login page to a system you use regularly, STOP. Close the web page and use your regular, trusted method for logging in to whatever website is involved.

9. If your online accounts (for email, shopping or social media) have “2 factor” (2FA) or “multifactor” (MFA) available for you to use, make sure you enable it and use it. MFA prevents the vast majority of online account hijack attempts. If you think MFA (using a text message code or an authentication app on your smartphone) sounds like a bit of a faff and a waste of time, I can assure you it is an awful lot easier than trying to regain control of your online account.

10. Smartphones are great, but the size of the screen often means you can’t see all the content of an email message. Scammers rely on this to get you to click things in a hurry. Take your time. If you’re not sure, wait until you’re in front of a regular computer and check your email on that.

Don’t let scammers take advantage of your goodwill, seasonal or otherwise.

