Email Scammers Target Church Again with Fake Evites

As many of you may recall, email scammers targeting our church staff and members have several times over the past few years sent out fake emails looking like they come from our minister, staff, or congregation members, asking the recipients to contact them or do them a quick favor (often involving the delivery or transfer of gift cards).

On Tuesday, May 28, we were alerted to yet another new round of these phishing scams. The current version comes as a familiar-looking “evite” from a church member, whose name and sender address you will likely recognize, inviting you to a party and instructing you to click on links to view the invitation, RSVP, or see the guest list.

If you receive a copy of this note, or anything similar, please:

  1. DO NOT click on it or respond, and…
  2. DO mouse over the links in the email, without clicking on them. In the two versions of the invitations we saw, those response links didn’t go to a well-known invitation website like Evite or PaperlessPost, and they didn’t go back to the person who supposedly sent the email. Instead, a quick mouseover shows that the links go to a web page called gswami.org/invitesss, which is NOT a legitimate invitation service and does not belong to any known church member.

Also, it’s worth pointing out that the church members whose names appear in the invitations, and in the “from” line of the invitation emails, did not have anything to do with the fraudulent emails. Instead, they were likely victims of a technique called “spoofing,” in which addresses stored in someone else’s contact list were stolen and then used in the “from” line of the nefarious emails. This makes it look like the communications are coming from someone familiar when they’re not. They’re also not traceable to the real scammers, so there’s nothing we can do about it.

Variations of this trick have been used in scam emails sent to our church members in the past, often with those messages coming from addresses such as xxxuusm@gmail.com, or referencing slightly awkward versions of familiar names, such as “Pastor Rev. Jeremiah Kalendae.”

So if an email you receive contains suspicious links, has a return address that sounds like a church address but doesn’t end in uusm.org, or asks for a personal favor from someone who usually wouldn’t make such a request, you should definitely trust your gut, know that it is not a legitimate communication, and ignore the message. And if there is a familiar name referenced in the message, but something feels just a bit off about it, do not respond to the email. Instead, contact the person directly to confirm they did not send it. You will most likely learn the request is a fake, and you can simply trash it and move on without any harm.
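
For whoever looks after the church’s email, the two manual checks described above (where the links really go, and whether a church-sounding sender address actually ends in uusm.org) can be scripted. This is an added example, not part of the original notice; the list of allowed invitation domains, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

CHURCH_DOMAIN = "uusm.org"  # the only legitimate church address suffix, per the notice
# Assumption: the real domains of the invitation services the notice names.
INVITE_DOMAINS = {"evite.com", "paperlesspost.com"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_in(host, domains):
    # True when host is one of the domains or a subdomain of one.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def review(raw):
    # Returns a list of reasons the message looks like the scam described above.
    msg, findings = message_from_string(raw), []
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    # A mailbox name that borrows "uusm" but lives on another domain.
    if "uusm" in local and not host_in(domain, {CHURCH_DOMAIN}):
        findings.append(f"sender imitates church address: {addr}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href in collector.hrefs:
            host = urlsplit(href).hostname  # the scripted "mouseover"
            if host and not host_in(host, INVITE_DOMAINS | {CHURCH_DOMAIN}):
                findings.append(f"link leaves known services: {host}")
    return findings

# Constructed sample message (display name and evite path are made up).
SAMPLE = """From: "A Church Member" <xxxuusm@gmail.com>
Content-Type: text/html; charset="utf-8"

<a href="https://gswami.org/invitesss">View</a> <a href="https://www.evite.com/event/123">Guests</a>
"""
```

An empty list from `review()` only means neither check fired; it does not prove a message is genuine, since the invitations described above arrived with recognizable sender addresses.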