A Nice Day for Cyber Crime
At about 11:30 a.m. yesterday, an email from a church member landed in my inbox. “Karen, this is the third of emails from ‘Daniel.’ I am certain it is a fraud and will not communicate further.”
Daniel*, a pastor of the church, had apparently sent an email requesting help for some women in a local hospital.
The email read,
Thank you, I would be glad if you could get them to me as soon as you can. There are 16 of the women but I’m thinking of $800 worth of eBay gift card [sic] only for 8 for now, ($100 denomination each. That’s 8 cards of $100 each.) I am currently in a pressing meeting with some family members. I only need you to scratch the cards, then take a SNAP SHOT [sic] of the back showing the PIN and have them sent to me here so I’ll just forward to them easily. Can you do that for me? Please let me know if that’s okay with you. And don’t forget to let me know if you would want me to pay you back the $800 in cash or check.
The signature lines were correct, from the pastor’s name to the church address. But why would he send an email from a gmail account, even if that contained his full title, first and last name, and middle initial? There were other red flags: first, he would never write, “Many Blessings.” Then there’s his hatred of hospitals. And, finally, eBay? This from a man who has been dragged kicking and screaming into the digital age (his words.) Were it not for his partner, I’m not sure this pastor would even know how to find eBay online.
Thus began a three hour digital lockdown.
Perhaps I would not have wanted to be so thorough had I not already started talking about password security just the day before, with another tech team member. I was concerned about the fast but sloppy way we’d–I’d– set up the video conferencing program we’d been using to operate the church since the COVID-19 lockdown began. He’d reluctantly agreed– who wants to identify an internet-security-related problem? Addressing even the simplest issue often takes a lot of time. The day of our conversation, we’d hit a wall within the first 20 minutes. We’d agreed to follow up independently. Late that night, I received a cautionary email from him about what would happen if certain new sign-in procedures were initiated. My response was two words: “Oh, hell.”
I’m sure that weighed on my mind. As I told Kaylin, the financial assistant/office manager, I didn’t care about whether we were overreacting or insulting anyone. For example, one of the email recipients had access to the church’s data base; I could only imagine if that became a conduit for malfeasance. Her access to that account was immediately terminated. The pastor did have a gmail account, not the one that had been used, so I asked him to delete it. I reported the gmail address that had been used to Google. I sent out an urgent letter to the congregation, telling them to ignore that email, immediately trash it, and not to click on any links in it. I also posted that information to the church’s website and Facebook page.
Then Kaylin identified a few others areas of concern, all related to the way information was being managed in the church. As I listened, I felt any hope of reclaiming my day evaporate.
* *. * *
Later, in the evening, I led a brief orientation to the Communications Committee, AKA ComCom, for three new committee members. I mentioned how new the committee is, and how out of keeping the committee’s definition of its own mission is with what other church committees had anticipated. “We’re not about making signs, ” I heard myself say. “We’re about building community in new ways,” I said, “equipping our people to connect with each other in ways they may not yet understand. And that’s not just technology tools.”
After a little discussion about what the implications might be, one of the new members said thoughtfully, “Maybe an initiative to get inexpensive tablets into the hands of people who don’t have them and can’t afford them,” she said. “Because this is actually an equity issue.” There were nods across the computer screen.
It was a good way to end the day.
*All names have been changed.
“In an abundance of caution” has become a common catch phrase recently.
Cyber crime is weirdly sophisticated. It does, too often, catch the unwary.
Working on it, Algot. Working on it. The big question for me is how to help others *get* vigilant…. Thanks for reading.