Some Western PA Conference churches recently have been targets of a scam in which a request for wire transfers of significant amounts of money come from what appears to be the senior pastor’s email address.
Similar schemes hit churches in North Carolina and North Georgia in December 2015 and early 2016. The most recent reported attempt in Western PA began with a late afternoon email to a church secretary from a gmail address that appeared to be the senior pastor’s.
A blog post on Christianity Today's Church Law and Tax website explains how it’s done.
It’s a variation on a scam that targets businesses; targeting churches seems to be a newer twist. According to a North Carolina Dept. of Justice alert, the employee or church leader is a victim of spoofing, “a scamming technique where the crook hijacks someone’s email account and pretends to be that person while sending and receiving a series of messages.
Scammers spend time on the organization’s website, learning who the leaders are. Specifically, they will look for one of the top leaders with organization-wide authority (president, CEO, senior pastor, etc.) and will especially look for his or her email address and nickname (e.g., if the CEO’s real name is William, but he goes by “Bill,” that can often be discerned from the website).
Then, the scammers identify the top financial person (along with any nickname) and his or her email address.
Next, the scammers create an email in which they spoof the real email address of the top leader they have identified. The email will look very much like it came from the top leader and may even appear as having come from his or her actual email address. The email will be sent to the person the scammers have identified as the organization’s top financial leader.
The email will contain instructions, using nicknames if applicable, to wire or transfer money to a particular account in connection with a project or activity in which the top leader is allegedly involved. See full blog post.