diofav 23

Catholic News Herald

Serving Christ and Connecting Catholics in Western North Carolina

‘Phishing’ scams target Charlotte-area pastors, parishioners

Pin It
Whatsapp

042418 onlineCHARLOTTE — "Phishing" scams involving priests continue to circulate around the Diocese of Charlotte, and parishioners are again being warned to remain vigilant and immediately delete any suspicious-looking emails or texts from priests asking for cash, gift cards or other favors.

More than two dozen clergy in the diocese, and even Bishop Peter Jugis, have been impersonated by scammers online since the first incident was reported in April 2018.

Now four years later, scammers continue to prey on people's trust by impersonating local clergy.

In the most recent instance, St. Mary Church in Greensboro warns Aug. 2, 2022 of messages to parishioners impersonating Father John Timlin asking them to purchase gift cards for patients at the hospital and to surprise staff. The emails are not from anyone associated with the parish. Please disreguard the email.

In May 2022, St. Mark Church warns of someone using the email display name "Fr. John Putnam" but when you expand the email address, it is not from the church's account. "Please always check the real email address, not just what the names appears to be," the parish warns on its Facebook page. "If you are in doubt, please give us a call at the office. When you see something such as this, please don’t respond, just simply delete it."

This scam alert is nearly a year after the previous alerts. Good Shepard Church in King warns that someone is texting parishioners impersonating Father Henry Tutawan, the parish warns on Facebook Aug. 4, 2021.

Parishioners of Sacred Heart Church in Salisbury received emails from someone impersonating Father John Eckert. The fraudulent emails were sent from a Gmail account in March 2021.

The month prior, someone sent text messages sent to various members of the Thomasville parish supposedly from Our Lady of the Highways Church's Father Gabriel Carvajal Salazar. The fraudulent text messages read, "I need a favor from you please text me back as soon as possible. - Rev. Gabriel Carvajal Salazar."

Scammers also recently targeted Father Lawrence Heiney of Holy Angels Church in Mt. Airy, Father John Putnam of St. Mark Church in Huntersville, and Father Pat Cahill of St. Eugene Church in Asheville in texting and emailing people asking for money or gift cards.

Father John Hanic, pastor of St. John Baptist de la Salle Parish in North Wilkesboro and St. Stephen Mission in Elkin; Father Brendan Buckler, pastor of St. Elizabeth Church in Boone; Father Christian Cook, pastor of Immaculate Conception Church in Hendersonville; Father Matthew Codd, pastor of St. Thomas Aquinas Church in Charlotte; Father Noah Carter of Holy Cross Church in Kernersville; and Father John Eckert, pastor of Sacred Heart Church in Salisbury, have also been impersonated recently in emails and texts asking for money, gift cards or favors.

Pastors and Diocese of Charlotte IT staff urge everyone to be extremely cautious with any emails or texts appearing to come from a Church official that ask for money, gift cards, or an urgent request for a reply.

They warn: No priest of the diocese will ever solicit for cash donations or gift cards via personal emails or text messages. If you receive a message that looks suspicious, please immediately delete it and alert your parish office. In the case of scam text messages, alert your parish and block the number.

These "phishing" email scams and text message scams have been making their way around the Charlotte diocese for more than two years.

Targeted clergy have included:

  • Father Matthew Bean
  • Father Paul Buchanan
  • Father Brendan Buckler
  • Father Michael Buttner
  • Father Patrick Cahill
  • Father Noah Carter
  • Father Gabriel Carvajal Salazar
  • Father Matthew Codd
  • Father Brian Cook
  • Father Christian Cook
  • Father Paul Dechant, OSFS
  • Father John Eckert
  • Bishop Peter Jugis
  • Father John Hanic
  • Father Lawrence Heiney
  • Father Thomas Kessler
  • Father Joseph Mack
  • Father Tom Norris, OSFS
  • Father Adrian Porras
  • Father John Putnam
  • Father Timothy Reid
  • Father Christopher Roux
  • Jesuit Father James Shea
  • Father Richard Sutter
  • Father John Timlin
  • Father Henry Tutawan
  • Father Tri Truong
  • Father Joshua Voitus
  • Father Patrick Winslow

“It’s a really good scam. Impersonating the identity of a trusted authority can be very effective.” – Scott Long, Diocese of Charlotte's director of technology services

The scam was brought to light in April 2018 when criminals sent emails impersonating then-pastor Father Frank O’Rourke to parishioners of St. Gabriel Church asking for iTunes gift cards to help a sick friend in the hospital.

Several parishioners assumed the email was actually from their pastor and sent the impostor gift cards worth about a thousand dollars. The gift cards were used immediately, and none of that money was recovered, Claudia Goppold, St. Gabriel Church business manager, said at the time.

Neither Father O’Rourke’s email accounts nor the parish’s communication system was compromised, said Scott Long, director of technology services for the diocese. Somehow someone received a list of some of the parishioners’ email information. The impostor created a new account using Gmail and pretended to be Father O’Rourke.

“Someone actually just impersonated him. They created a new email account and used his authority as pastor under the new account. People trusted that it was legitimate,” Long said. “It’s a really good scam. Impersonating the identity of a trusted authority can be very effective.”

If you receive an email asking for information or money – whether from your bank, a vendor or even your pastor – it’s good to verify the information by calling using a contact number not in the email message, Long said.

That’s how St. Gabriel Church learned of the scam: Someone called the parish office and asked about the email. Parishioners later did receive an email – a legitimate one – from the parish to warn them about what had happened.

Requests for money or some sort of payment is often a red flag, Long said. Even if you know the sender, it’s good to call to verify the request.

The top tool hackers use to gain information is people, Long said. And email is a way to reach those people.

When opening an email, you should evaluate its legitimacy, Long said. Key things to look for are misspelled words, poor grammar, bad punctuation and an urgent call to action.

“If anything about a message raises your suspicion, you are better off without that message in your mailbox, so just delete it,” he said.

“Criminals are getting better at spelling, though,” he added. “These emails are full of gimmicks intended to be time-sensitive, play on people’s emotions and inspire people to act quickly. It’s hard to tell what’s legitimate or not unless you’re looking for it.”

Look carefully at the email address and website link to see if they are familiar addresses. Hover over the sender's name and any links in the email with your cursor – but don’t click on them – to see the actual sender’s email address and where the links go, he suggested.

That won’t be as easy to do on a mobile device or tablet, however. Use caution before following links on your device as well.

Long cautioned there are two things people should do online in general: assume you are being attacked – from spam emails to cyber attacks and scams – and assume any information you post or send is public because once it goes out there, it no longer belongs to you.

Another way to protect yourself is to change your passwords to a strong word/number/character combination or longer passphrase relevant to the website you’re logging into that you will remember easily but is difficult for an outsider to crack, Long said.

— Kimberly Bender, online reporter