“Are You For Real?” Some Scams for Churches to Be Aware Of

The email seemed like great news. A person who had been blessed by a worship service while staying in the city months ago had decided to encourage the church with a large donation. They had a successful business, the email said, and the message of hope they received at the worship service that weekend had inspired them to make some changes in their life and put faith and God at the centre of their life. They just needed to know what the best way would be to make the donation.

One morning a week or so later, the cheque arrived. They had promised $8000, but the cheque was for $9000! The timing couldn’t be better; there was a new leak in the roof over the corner of the fellowship hall, and this would cover the repairs. That afternoon, a call came. The caller, they said, was the secretary for the donor. They had made a mistake in making out the cheque, accidentally adding $1000 more than their boss had specified to the amount. Could the church wire the $1000 back this afternoon so the secretary wouldn’t get in trouble?

That makes sense, of course - after all, the promised amount was already very generous, and they didn’t want the secretary to get in trouble. The church wires back the $1000. The next day, a deacon takes the cheque to the bank. It bounces. They never hear from the donor or the secretary again, and they’re out $1000. Looks like that leak over the fellowship hall won’t get fixed any time soon after all.

This is just one of many tactics that are used against churches and non-profit organizations by scammers.

Another scam circulating among churches is the directory request. The scammer creates an email alias of a staff member in the church – probably found on the church website – so the email appears to be from someone within the church. It might play out something like this. The email, seeming to be from an elder or pastor, explains that they’re on their way to visit a church member for confidential reasons, but they must have written the address down wrong. Could the administrator please send a PDF or Excel link of the church directory so they can look it up, while keeping the identity of the member confidential? If the administrator sends the link or the PDF, the scammer now has access to a lot of personal information from most of the congregation: names of each member of each household, sometimes including maiden names; phone numbers; email addresses; home addresses; and maybe more. Many of them could be the next scam targets.

Here’s another scam that may have hit your church. You’re at your desk planning the lesson for next week’s Sunday School, and an email arrives from the senior pastor at your church. He explains that the church administrator’s birthday is coming up, and he wants her to know how beloved she is by the congregation. She normally sends out emails to the whole congregation, but this one is coming from his account because he wants to arrange a surprise. He’s asking that whoever feels so moved should purchase some gift cards for their favourite restaurant, retailer, gas station, etc. and send them to a P.O. Box (so the administrator doesn’t see them coming through the church mail) with a nice note, and he will put them all in a fancy box to give her on her birthday. It’s a sweet idea, and a great project for the whole church, so lots of people participate. The P.O. Box, of course, never belonged to the pastor, and the church secretary will never see that birthday surprise. A scammer created an email alias, rented a P.O. Box, and is now enjoying a lot of free dining and shopping at your church’s expense. Another version of this has people send photos of the gift cards, along with their PINs, to the email sender.

Scams like these, unfortunately, are becoming more and more common, and churches are a great target for those wanting to take advantage of Christian generosity. Because several CRCs have mentioned receiving scam calls or emails like these, we wanted to provide you with some suggestions for how to spot scammers and avoid being taken advantage of.

Another scam involves people posing as staff members asking an administrator to change their direct deposit information, maybe because they’ve changed banks. This can result in the real staff person’s paycheques now being directed into the scammer’s bank account.

Yet another one involves the church receiving an invoice for funds to retain their domain name. If this is coming out of the blue, it’s likely not from the actual domain name holder.

A Facebook scam hitting many churches has a message to the page administrator, letting them know that their Facebook page will be permanently deleted because of a post with a copyright infringement. The church can appeal the decision by clicking on a link to make a complaint requesting the restoration of the page. This scam works by getting the recipient to click on a link that will cause damage to the computer or give sensitive access to the scammer.

Things to look out for: 

• email addresses you don't recognize, or email addresses that don't actually match up with the name of the sender when you hover over it
• generic greetings or sign-offs rather than names
• spelling mistakes
• short email text with a request to click on a link for more info
• unusual requests that are out of the ordinary for how you'd normally function
• a sense of urgency or tight timeline
• something that seems too good to be true

What you can do:  

• take your time
• check the From address
• verify that the request came from someone you know by calling them
• hover over links in messages - does the URL match the hyperlink?
• never open an attachment unless you're expecting it 

What scams have you heard of? Share your knowledge in the comments below.