Scam Alert!

As people are going through these trying times, scammers are taking advantage – posing as our leadership, staff, and members asking for help. Know that Eastrose or our leadership will NEVER ask you to buy gift cards or send money in an email. We only encourage donations sent directly to the church office or contributed via our giving page.

We encourage you to double-check with us if you are unsure of a request.

Please read below to familiarize yourself with how these scams (or phishing) work and how to protect yourself!

More questions? Contact office@eastrose.org

How it works:

One of the most successful phishing scams involves a boss, minister, coworker, or friend asking you to go out and buy gift cards. It uses clever social engineering, not advanced technology. Here’s how you can spot and avoid the “gift card” scam.

Ask yourself: if your boss/minister/friend wanted to give out gift cards, how would they order those gift cards? Would they send you an email asking you to rush out and buy some, and then ask you to scratch off the backs and email the codes?

Probably not. Yet this exact scenario has become a prolific, and unusually successful, email phishing scam.

The scam goes like this:

  1. You receive a ‘plain text’ email. The email appears to come from someone you are familiar with.
  2. In the email, the sender asks you to buy some gift cards. Note: sometimes they try to get your attention first – with things like “I need urgent help with something today” or “Can you do something for me” or something similar. If you reply, it leads to asking for help in buying gift cards.
  3. Once you tell them you’ve bought the gift cards, the email asks you to scratch off the gift card backings to display the unique PIN codes and email those codes back to them.
  4. The scammer takes the code, cashes out the gift card in minutes, and vanishes.

This scam has made the rounds since mid-2018. That cybercriminals still use it means it still works. They have ramped up the scam in the time of COVID-19, counting on our goodwill for each other to help them succeed!

As scams go, this one’s clever. How does it work so well?

  1. It uses a “display-name spoof” – putting a real person’s name in the “From” field. (Often either the name or subject is in all CAPS – which is a clue to look for!)
  2. The text of the email reads like the person actually wrote it. We can spot terrible grammar a mile away. Normal grammar, however, doesn’t ring alarm bells.
  3. We are a loving congregation, so when we’re given a mission, we are eager to help!
  4. Sometimes the scam uses a time limit, e.g. “Can you do this before end of day?” This creates a sense of urgency, which compels action with little time to think.

Here are five ways to detect email phishing attempts:

  1. Check the sender’s email address: Be cautious of emails from unfamiliar or suspicious email addresses. Sometimes, phishing emails may mimic legitimate senders, but the email address may have slight variations or misspellings.
  2. Inspect URLs before clicking: Hover over links in the email (without clicking) to preview the URL. Ensure that the URL matches the expected website address. Watch out for misspellings or strange domain names that resemble popular websites.
  3. Look for spelling and grammar errors: Many phishing emails contain spelling mistakes, grammatical errors, or awkward phrasing. Legitimate businesses and organizations typically have professional communication standards.
  4. Beware of urgent or threatening language: Phishing emails often use urgency or fear to prompt action. They may claim your account is compromised or that you need to verify personal information immediately. Legitimate entities usually communicate important matters through secure channels rather than email.
  5. Verify requests for personal or financial information: Legitimate organizations rarely ask for sensitive information like passwords, credit card numbers, or social security numbers via email. If you’re unsure about the authenticity of an email, contact the company directly through their official website or phone number to verify the request.
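
For whoever looks after the mailboxes, the warning signs listed above (a familiar name on an unfamiliar address, all-caps name or subject, a gift card request, a time limit) can be checked automatically. The following Python example is added here and is not part of the original notice; the name "Pat Example" and both sample messages are constructed, and the trusted domain is taken from the office address given above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed inputs: names your members would recognize (placeholder below) and
# the domain of the office address printed on this page.
KNOWN_NAMES = {"pat example"}
TRUSTED_DOMAINS = {"eastrose.org"}

GIFT_CARD = re.compile(r"gift\s*cards?|scratch off|pin codes?", re.I)
URGENCY = re.compile(r"urgent|end of day|can you do something for me", re.I)

def body_text(msg):
    """Join the decoded text/plain parts (the scam arrives as plain text)."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)

def warning_signs(raw):
    """Return the warning signs from the lists above found in one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    text = subject + "\n" + body_text(msg)
    signs = []
    # A familiar name on an address outside the trusted domain.
    if name.strip().lower() in KNOWN_NAMES and domain not in TRUSTED_DOMAINS:
        signs.append("display-name spoof")
    if name.isupper() or subject.isupper():
        signs.append("all-caps name or subject")
    if GIFT_CARD.search(text):
        signs.append("gift card request")
    if URGENCY.search(text):
        signs.append("urgency")
    return signs

# Constructed sample messages, not real mail.
SPOOF = """From: PAT EXAMPLE <pastor.office77@mail.example>
Subject: Are you available?

I need urgent help with something today. Can you buy some gift cards,
scratch off the backs and email me the codes before end of day?
"""
LEGIT = """From: Pat Example <office@eastrose.org>
Subject: Sunday schedule

The service starts at 10. See you there.
"""

if __name__ == "__main__":
    for label, raw in (("spoof", SPOOF), ("legit", LEGIT)):
        print(label, warning_signs(raw))
```

A message that raises any of these signs should still be confirmed with the supposed sender through a contact you already have, not by replying to the email.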