ONLINE SECURITY: Awareness and diligence is the key


By Jim Minutelli

As most of us know, online and email security are so very important these days. 

Even though we should be innocent in our dealings with others and treat all with Christ-like love, we still need to be aware of those who are out to harm us, and nothing is more important to view with a critical eye than our online presence. 

We live in an age where communicating via email, text and chat is an integral part of our day-to-day lives, and to get hacked or to be a part of an electronic attack or scam-attempt can feel very violating.

Even in our faith-based communities we experience these kinds of issues, as our own West Virginia United Methodist Conference (WVUMC) recently witnessed. Emails have been received around the conference claiming to be from some of our conference staff.   

What is phishing?

According to the Federal Trade Commission (FTC), “phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information – such as account numbers, Social Security numbers, or your login IDs and passwords.”

These emails then can be used to hijack your identity, gain access to your accounts, or steal your money.  These scammers will use a variety of ways to lure us all into a false sense of security.  They impersonate friends and family, mimic websites with which we are familiar, or — as in the case of our WVUMC — fake emails from people we trust.

Stay vigilant and aware

Scammers often update their tactics, but there are some signs that will help you recognize a phishing email or text message, says the FTC.

“Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may

  • say they’ve noticed some suspicious activity or log-in attempts
  • claim there’s a problem with your account or your payment information
  • say you must confirm some personal information
  • include a fake invoice
  • want you to click on a link to make a payment
  • say you’re eligible to register for a government refund
  • offer a coupon for “free stuff”

What To Do if You Suspect a Phishing Attack

There are several things we can do to protect ourselves against phishing attacks. The main thing is to be wary and prudent. The FTC recommends these additional guidelines to protect yourself against phishing:

If you get an email or a text message that asks you to click on a link or open an attachment or looks suspicious, answer this question: Do I have an account with the company or know the person that contacted me? 

If the answer is “No,” it could be a phishing scam. Look for signs of a phishing attack, If you see any, report the message and then delete it.

If the answer is “Yes,” contact the company or individual using a phone number or website you know is real. Not the information in the email. Attachments and links can install harmful malware.

So how can we be on alert? 

The FTC recommends the following:

Do your own typing.

In today’s world of technology, they are making easier and easier for us to drive down the information superhighway. Instead of clicking on a phone number or website link in your email, type the information into your favorite search engine like Internet Explorer or Google Chrome to find out what information you can find on them or if the information is valid.  Even though the email link might look legit, it might not be.

Turn on two-factor authentication

Basically, two-factor authentication requires that you use both a password and another bit of information that is unique to you, like a code sent to your phone that you need to enter after you enter your password.  This may be something you don’t feel you need or that makes going online a bit more restrictive, but it can be an important piece of your online security.

Back up your files to an external hard drive or cloud storage site. 

Do this often to ensure you have the latest information in case you are hacked or contract a virus.

Keep your computer’s security software up to date.

No matter how much a computer maker tells you their products are “inoculated” against viruses, there is always a threat. Computer security is like the old radar detectors some people put in their cars to avoid tickets.  As soon as the law enforcement agencies came out with a new way to clock speeders, the radar detector manufacturers quickly came out with a new way around it. Then the law enforcement community would develop a new radar, and consumers would have to buy a new detector to keep up. The concept is similar when it comes to internet or email security. We need to backup frequently and automatically allow our virus/security software to update.

Report phishing emails and texts

  • You can forward phishing emails or screenshots of the email by visiting reportfraud.ftc.gov
  • Report fraudulent or phishing emails to your email provider; gmail is very responsive to reports of phishing emails.
  • If you receive a message that appears to be from someone affiliated with the WVUMC, a district superintendent, the bishop or other church leaders that you believe is fraudulent, please send a screenshot of the message or forward to wvumc@wvumc.org.

The WVUMC will not request personal information, financial information, account numbers, ID’s, passwords or copies of invoices in an unsolicited manner through email, text, phone or fax — especially in exchange for goods or services. We will never request that you purchase gift cards or bitcoin. 

As an organization, the conference is confidently taking the steps necessary to constantly update our security protocols and practices to keep the strongest measures in place.

Awareness and diligence are key.

For more information about phishing, visit https://www.consumer.ftc.gov/articles/0003-phishing