Phishing:  How Not to Get Hooked by Email Scammers


By Jim Minutelli

We see everyday in the news companies being hacked or data that has been compromised, and many of us have received a letter or call from our bank or a credit card company, telling us that our personal information has been compromised.

Even in our churches we experience these kinds of issues, as our own WV Conference found out a few weeks ago when a few emails were received by our friends, claiming to be from the Conference.   Statewide, we are confidently taking the steps necessary to update our security protocols and practices to keep the most up-to-date measures in place.

In Matthew 10:16, Jesus tells his disciples, as he is sending them out into the world to preach his gospel, “Look, I’m sending you as sheep among wolves…be wise as snakes and innocent as doves.”

Even though we should be innocent in our dealings with others and treat all with love, that doesn’t mean we should be gullible.   We still need to be aware of those who are out to harm us, and nothing is more important to view with a critical eye than our online presence and internet security.

According to the Federal Trade Commission (FTC), “phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, Social Security numbers, or your login IDs and passwords.”

These emails then can be used to hijack your identity, gain access to your accounts, or steal your money.  Phishermen, as I call them, are definitely not the fisher’s of men and women we talk about in the Bible, but they do find a variety of ways to lure us all into a false sense of security.  They impersonate friends and family, mimic websites of which we are familiar, or, as in the case of our WV Conference, fake emails from people we trust.

So how can we be on alert and be “as wise as snakes?”

There are several things we can do to protect ourselves against phishing attacks and the main thing is to be wary and prudent.

The FTC recommends the following guidelines when protecting yourself against phishing:

Be cautious in opening attachments or clicking on links in emails.

One of the first things I look for is if any of the words in the subject line are misspelled or look odd, like words that are not capitalized which should, or vice versa.  If you notice any of these red flags, you can usually assume that you should not open the email, as it is better “to be safe than sorry,” as the old saying goes.

Like our example from the WV Conference, another simple check is to look at the address from where the email is sent.  If it is not something that you recognize or if it is a combination of long letters and numbers, it is probably not from a reliable source.

If you do open an email and are not sure if it is a scam or not, do not click on any links in the email.  Realize that if you do click on a fraudulent link, you could not only infect your computer, but the computers of your friends and family.

Do your own typing.

In today’s world of technology, they are making easier and easier for us to drive down the information superhighway.   Instead of clicking on a phone number or website link in your email, type the information into your favorite search engine like Internet Explorer or Google Chrome to find out what information you can find on them or if the information is valid.  Even though the email link might look legit, it might not be.

Make the call if you’re not sure. 

If somebody claiming to be a friend, family or familiar company contacts you and you are not sure if it is legitimate, call or contact the person or company directly, using the numbers or people you know, not the ones in the email.

Turn on two-factor authentication.

Basically, two-factor authentication requires that you use both a password and another bit of information that is unique to you, like a code sent to your phone that you need to enter after you enter your password.  I recently went to Montreal, Canada for work, and my Google account knew that I was somewhere different, far away from my normal locations, so they asked me a series of questions to authenticate who I said I was.  I know this may be something you don’t feel you need or that makes going online a bit more restrictive, but it can be an important piece of your online security.

Back up your files to an external hard drive or cloud storage site. 

Do this often to ensure you have the latest information in case you are hacked or contract a virus.

Keep your computer’s security software up to date.

No matter how much a computer maker tells you their products are “inoculated” against viruses, there is always a threat.  I’m going to date myself, but computer security is like the old radar detectors some people put in their cars to avoid tickets.  As soon as the law enforcement agencies came out with a new way to clock speeders, the radar detector manufacturers quickly came out with a new way around it.  Then the law enforcement community would develop a new radar, and consumers would have to buy a new detector to keep up.  Similar concept with internet or email security.  We need to backup frequently and automatically allow our virus/security software to update.

Report phishing emails and texts

Your report is most effective when you include as much info as you know.

These few simple steps of awareness on our part can keep us alert and better in charge of our online presence.

For more information about phishing, visit https://www.consumer.ftc.gov/articles/0003-phishing

If your church or organization is experiencing issues with being impersonated, visit

https://www.ftc.gov/news-events/blogs/business-blog/2017/03/has-phishing-scam-hooked-your-companys-good-name for more info.

Jim Minutelli is a Certified Lay Minister in the Wesleyan District and a member of West Milford United Methodist Church.  Jim is also the District Communications Representative for the Wesleyan District.