NC Conference

Healthy Congregations and Effective Leaders in Every Place Making Disciples of Jesus Christ for the Transformation of the World


Don’t Fall for Spear Phishing or Whaling Scams

February 17, 2016

Scammers want you to send them money. They want your passwords so that they can log into your accounts and steal your data. Many of their attempts are laughably easy to detect and ignore. Others are carefully crafted to create a very convincing request. These requests are particularly dangerous because they avoid all traditional antivirus protection. It is easy to miss that a request is illegitimate and perform the requested action. Consider this scenario:

A scammer visits your church website and carefully researches your Senior Pastor and Treasurer. There is likely a pictorial directory of all of your church staff somewhere on your site containing phone numbers and email addresses. Downloading a copy of a staff photo is easy to do. They then create a free email account and set it up to look like it is using your pastor’s email address – it even has your pastor’s face as the profile picture! At this point, everything is in place for a convincing scam. No laws have been broken. People set up throwaway email accounts all the time. Keep in mind that this isn’t a robot harvesting email addresses from your website for sending spam. This is a person researching information that will help them in their scam. If a new visitor can see it on your website, the scammer can too.

One morning your Treasurer receives an email that looks like this:

---------- Forwarded message ----------
From: Your Pastor
Date: Wed, Feb 17, 2016 at 9:43 AM
Subject: Urgent Request
To: yourtreasurer@firstchurch.org
Cc: yourtreasurer@firstchurch.org

Hello Treasurer,

How are you doing ? I will like you to take care of a wire bank transfer for me today. Can you handle it? If you can, reply and let me know the required information you will be needing to process the wire bank transfer.

I will appreciate a quick response from you.

Thanks
Your Pastor

Your Treasurer should carefully review this email. Is it a legitimate request? For this example, only the Reply-To field showed that it wasn’t coming from Your Pastor. You can only see that by viewing the message header in your email client. How do we view this header? Every email program is different, but here’s how to do it in Gmail. In other words, unless you take an extra step, you have no idea that this is a scam. The best way to protect yourself would be to reach back out to Your Pastor and ask them if they made this request. Send a brand new email message (DO NOT hit Reply). Make a quick phone call or send a text message. Walk down the hall and ask. If the pastor didn’t make the request then you should disregard this message – don’t send the money or give away your password!
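The header check described above, as an added example that is not part of the original article: Python's standard `email` module parses a raw message and flags a Reply-To that points at a different domain than From, plus a known display name on an unknown address. The staff directory, the pastor's address and the `freemail.example` domain are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed staff directory: display name -> the only address that person sends from.
KNOWN_SENDERS = {"your pastor": "yourpastor@firstchurch.org"}

# Constructed sample modeled on the message above; the addresses are made up.
SAMPLE = """\
From: Your Pastor <yourpastor@firstchurch.org>
Reply-To: Your Pastor <yourpastor.firstchurch@freemail.example>
To: yourtreasurer@firstchurch.org
Subject: Urgent Request

I will like you to take care of a wire bank transfer for me today.
"""


def domain(addr):
    """Return the lower-cased domain part of an email address."""
    return addr.rpartition("@")[2].lower()


def check_headers(raw):
    """Return a list of warning labels for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    warnings = []
    # Hitting Reply sends to Reply-To, so a different domain there means the
    # answer goes somewhere other than the apparent sender.
    if reply_addr and domain(reply_addr) != domain(from_addr):
        warnings.append("reply-to-domain-mismatch")
    # A familiar display name on an unfamiliar address: the free-account
    # impersonation described in the scenario.
    expected = KNOWN_SENDERS.get(from_name.strip().lower())
    if expected and from_addr.lower() != expected:
        warnings.append("display-name-spoof")
    return warnings


if __name__ == "__main__":
    print(check_headers(SAMPLE))
```

A warning from this check is a reason to verify the request through another channel, not proof of fraud; some legitimate senders set a Reply-To on a different domain.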

There are excellent resources on how to detect and protect yourself from this type of scam here: Spear Phishing or Whaling Scams Continue to Lure Organisations.

The attacker’s aim is to steal company information, credentials, deploy malware or steal money.

The scammer sends an email, highly personalised. The email seems to come from a trusted source and the email address used at first glance looks the same as other frequently used ones within the organisation but on closer inspection it can be noted that this is not the case (but employees are not likely to pick this up easily).

The scammer’s aim is to entice urgency, often the email will pertain to an urgent matter that requires critical action thus taking priority over everything else.

An employee opening the email, sees an email sent from a colleague or a trusted source who they regularly deal with, demanding that they take urgent action. This often involves the recipient following a link to a fake website but because they are unsuspecting and nothing has so far appeared out of place the convincing site is the next step in the scam.

To the employee the site looks and feels authentic and they continue to act on the urgent request by either entering company information and or passwords or providing financial details. Alternatively, the email may require you to download an attachment which will place malware on your computer that can log activity allowing the scammer to access your company information.

The scam has only just been initiated, the attacker has his foot in the door and has acquired the information needed to further facilitate his attack which more than likely will culminate in a breach. A breach is detrimental to the organisation and could involve: loss of data, substantial financial implications, legal ramifications and negatively affect the reputation of the organisation.

Know the warning signs

Be aware of tactics often used: impersonation, enticement and the bypass of access-control.

  • You receive an urgent email that you are not expecting, requesting you to take urgent action often relating to a customer service complaint or legal issue - take caution.
  • Take extra care when looking at the sender’s address. It may look similar but not identical or may be one that you do not recognise.
  • Look out for incorrect spellings, vocabulary used incorrectly etc.
  • The email contains a link to a site or an attachment. It appears authentic complete with logos and branding.
  • You are requested to take urgent action, often involving the inputting of company or personal information or the input of financial details, make a payment or download software.

The days of trusting email are unfortunately over. If someone is asking you for passwords, security related information or money you should use caution. Follow up with this person and contact them again via a trusted method. Figure out whether or not the request is legitimate before you take action.

Additional References

  • How to stop your executives from being harpooned
  • What Is ‘Whaling’? Is Whaling Like ‘Spear Phishing’?
  • Tip of the Spear: Phishing or SpearPhishing?