How to Spot Church Email Scams: Protect Yourself from Phishing and Spoofing

Short Summary: If you get an odd email or text from clergy or a church staff member asking for gift cards, urgent help, or personal information, it's almost certainly a scam. Don't respond, and always check with the church office if you're unsure.

What Is Phishing and Email Spoofing?

Email spoofing is when a scammer fakes the “From” name in an email to make it look like it’s coming from someone you trust — like your priest or church staff. It’s often used in phishing scams, where the goal is to trick you into clicking malicious links, downloading harmful attachments, or sharing personal info.

What Is Whaling?

While “phishing” targets a wide audience, whaling goes after “big fish” — like pretending to be a pastor, bishop, or trusted church leader. These emails are crafted to appear more personal and urgent.

Real Church Email Scam Example We’ve Seen at St. Matthew’s:

Subject: “Do you have a moment?”

Body: “I have a request I need you to handle discreetly. I’m currently busy in a prayer session, no calls — just reply my email.”

Signed: 

Reverend Rob Merola

Priest-in-Charge

Saint Mathew’s Episcopal Church

Notice the spelling errors, and remember that St. Matthew's clergy or staff would NEVER email or text a request like this.

Common Scam Tactics

Scammers may:

• Pretend to be a familiar church leader using a free email like rev.rob.parish@gmail.com

• Use urgent language: “I need your help urgently — don’t tell anyone.”

• Ask for gift cards or money transfers

• Send attachments or suspicious links

• Mimic real domain names, like @SaintMatthewsVA.org vs @SaintMathewsVA.com

These tactics are especially tricky on smartphones, where it’s harder to see full email addresses or hover over links.

Spot the Red Flags: A Checklist:

• 🚫 Do NOT reply, click, or download anything.

• 📞 Call the church office right away at 703-430-2121.

• 🔍 Double-check your antivirus software and email security settings.

• 🔒 Update your passwords just in case.

  
  

What do you do if you've been targeted?

• Email or call the church office at 703-430-2121

• If it came from a Gmail address, you can report it to Google here.

• Think you've been targeted by a scam? Report it to the FTC at reportfraud.ftc.gov.

Help Us Spread the Word

Scam emails can trick even the most careful among us — and they're especially dangerous for those who may not be as comfortable with technology.

Please share this blog post with friends or family members who attend St. Matthew’s, especially anyone who may be less tech-savvy. A quick conversation or forward could save someone from falling victim to a scam.

Let’s keep our church community informed, safe, and connected.

Trusted Resources to Learn More or Report Scams

1. Federal Trade Commission (FTC) – Recognize & Report Phishing

Learn how to spot phishing, what to do if you're targeted, and how to report it.🔗 https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

2. Report Fraud to the FTC

If you’ve received a scam message, report it quickly here.🔗 https://reportfraud.ftc.gov

3. Google – How to Spot & Report Phishing in Gmail

Useful if you or someone you know uses Gmail and receives suspicious emails.🔗 https://support.google.com/mail/answer/8253

4. Federal Communications Commission (FCC) – Scam Glossary & Guidance

Great for understanding text-based scams (also called smishing), robocalls, and impersonation messages.🔗 https://www.fcc.gov/scam-glossary

5. The Episcopal Church – Cybersecurity Guidance

While not a technical resource, this Episcopal resource speaks to the unique risk in faith communities.🔗 https://www.episcopalchurch.org/safe-church-resources/(search for "cybersecurity" or "fraud awareness")

6. National Cybersecurity Alliance – Phishing Resources

Practical information for spotting phishing attacks across email, social, and mobile.🔗 https://staysafeonline.org/resources/phishing