Staying Safe and Staying in Community: Tips for Engaging Online
Recently, there has been a rise in the number of email and text-based scams targeting members of this church. Actually, this doesn’t only apply here – church members across faith traditions are becoming increasingly common targets for this sort of attack. I really appreciate everyone who has reported these scam messages to church staff. This lets us warn the community to be extra vigilant, and I’m tracking when these incidents happen.
In this article, I will give you some tips and advice for spotting these malicious messages and avoiding their tricks – plus, some good news about the importance of our shared community.
- The easiest way to spot a malicious email or text message is by checking the sender’s address/number. For email messages, this is easy. All emails from church staff (except for Rev. Grant) will come from an address ending in “@uubloomington.org”.
Rev. Grant’s email address is constance.l.grant@gmail.com. If you’re ever in doubt as to whether an email actually came from her, you can always edit the “to” address when replying, so your return email goes to grant@uubloomington.org. This address forwards to Connie, so you can be sure any of her further replies are definitely legitimate.
For text messages, this is a little bit harder. If the person texting you is a fellow member of the church, though, you can sign in to our directory (uucb.churchcenter.com/directory) and look them up. If the phone number you got a message from matches the one we have on file, you’re probably OK to continue the conversation. This also works for emails exchanged with non-staff members of the community. If you’re not sure, check another source to make sure the contact information lines up.
This is a great reason for everyone to make sure that their directory profiles are up to date, and that their information is shared with the congregation. Not only is it convenient, but it could save someone from falling victim to a scam. - It’s also good to check that the emails you’re receiving actually make sense. If something is misspelled, using nonsensical grammar, or just asking for something outlandish, that can be a sign that it’s not legitimate. No staff will EVER ask for gift cards or bank account information. NO request for passwords or “access to the database” is legitimate.
- Always make sure that any links you click on are honest about where they are taking you. This is a helpful tip anywhere on the internet, but especially in emails. When you hover over (place your cursor on top of without clicking) a link, your web browser will show you the actual destination somewhere across the bottom of your screen. This varies depending on which web browser you’re using, but it’s usually on the lower left or lower right.
If you’re using a phone or a tablet, you can usually long press (tap and hold) a link, which will give you a whole list of actions to choose from. The destination of the link will be listed there, just as it is across the bottom of the web browser on a computer.
Let’s do a brief exercise. First, hover over the link to our directory in item 1. You’ll see in your browser’s status bar that it’s actually going to Church Center. This link is all clear. Next, consider the following link, claiming to take you to Google: google.com
Now, hover over that link (or long press it, if you’re using a phone). You’ll see that instead of taking you to google, that link will actually take you to our website. That’s innocent enough (and you can try it, if you like), but hopefully you can see how bad actors could use this same tactic to direct you to a malicious website. - Always remember that if you’re being asked for something, you are in control. If you get an email from someone claiming to be part of the church and it just feels wrong (whether it exhibits any of these scam warning signs or not), you can always end or pause the conversation. The same goes for text message conversations, and even phone calls. A large part of how these scam operations succeed is by creating a sense of urgency. This makes us more likely to respond emotionally – before our rational brains can take over. There is very little in the business of the church which truly requires immediate action, and none of us will be put out by anyone choosing to be more careful in communications.
If anything seems off, switch to another known mode of communication to reach the person who claims to be attempting to reach you. This could be:- An email to someone else you trust, who might know the person better
- A phone call to the actual person’s number
- Stopping to talk to us on Sunday morning (please wait till AFTER the service if it’s staff you need to talk with!)
- Drop by the church during office hours and ask someone (even if it’s not the person who claims to have reached out to you)
- Or anything else!
If none of these things are possible, don’t be afraid to simply delay the conversation. Put the email or text aside for at least a few hours, or tell the person on the phone that you have to take care of some urgent business and that you’ll reach out later. Think about the interaction and what raised red flags for you, and whether you want to continue it.
- Lastly, a note on community. Along with creating a sense of urgency, and taking advantage of our willingness to help others, these scams have been shown to target those people who are statistically likely to be lonely, and/or lack the technical skill to spot the signs of malicious communication. Both of these tactics can be completely thwarted by remaining in community. I recommend a “Digital Buddy” system. Find someone (or multiple people) in the community who would be willing to offer a second opinion on any suspicious communications. Do the same for them. You don’t have to be a computer expert, either. Most scam messages seem fairly obvious when approached rationally. Often, all that’s required is a second set of eyes, or a couple minutes on the phone to talk things through with a friend.
In review:
- Check that the message you’ve received actually came from the sender’s address.
- Make sure that requests are logical before responding to them.
- Watch out for misleading links, even if a message seems otherwise legitimate.
- If anything seems off, reach out by another method, or just delay the conversation.
- Stay in community. Keep in touch with each other. Reach out in times of confusion, and be available for others to do the same. We’re all in this together.
I hope these tips help you all remain more vigilant and confident as we navigate this new digital world together. Modern scam tactics can be extremely confusing, even to those of us who grew up on the internet. There’s no shame in not knowing what’s going on. Let’s all keep talking to each other, and stay in relationship. There is truly no better way forward.
I’m always available for questions over email to hkelson@uubloomington.org
Hans Kelson, Technology Coordinator