This message was sent by Jewish Federation's Director of Security Initiatives, Amy Keller, to Jewish communal organizations on April 14, 2022.
This Jewish Federation's Security Initiatives has been advised that several Jewish communal partner organizations and their members recently received emails from senders impersonating rabbis and organizational leaders, possibly attempting to defraud congregants into purchasing gift cards and divulging credit/debit card information.
Receiving Spoofed Emails
Unfortunately, this is a common tactic, and easy for threat actors to carry out. These types of scams are not going away any time soon. We encourage you to alert members and assure them that clergy, staff, and lay leaders will NEVER ask members for financial contributions in this way.
Educate members, staff, supporters, partners, and suppliers on these warning signs:
- The request often includes the name of the rabbi, cantor, lay leader, and a legitimate-looking email address. But a closer look should raise some red flags. For example, the email address isn't normally used by the congregation and the service provider is different. For example, instead of coming from RabbiGold@mysynagogue.org it could come from the same name but using a generic email provider – Gmail, Yahoo, and even AOL.
- The message may begin with a simple "Hi," but doesn't include a recipients' name. This is of course by design so they can send a generic email out to as many people as possible. Leaving the messaging vague would hide the fact that the scammer doesn't know how the staff or clergy talks to their members, which could be a warning sign in and of itself.
- There may also be spelling errors, including the sender's name or grammar mistakes, which are common in traditional scams.
- The imposter asks you to buy a popular gift card — frequently iTunes, Google Play, or Amazon — and then asks for the gift card number and PIN on the back of the card.
Additionally, imposter scams are circulating within our communities. Please be aware of these "Do and Don't" recommendations for these types of imposter scams.
- Do confirm independently whether the organization is indeed trying to reach you. Use the customer service numbers or email addresses listed on invoices, account statements and legitimate websites.
- Do report impostor scams to the company or institution being impersonated.
- Do cut off contact if you suspect someone you've forged a bond with online is an impostor.
- Don't give sensitive information such as credit card details or your Social Security number over the phone unless you're sure of whom you are dealing with.
- Don't make a payment or allow remote access to your computer to someone offering tech support.
- Don't send money to someone you don't know, someone you think you may know but are not sure, or someone you've only met online.
- Don't rely on caller ID to determine if a call is legitimate. Scammers use spoofing tools to make it appear they are calling from a genuine government or business number.
- Do follow the same suggestions for email spoofing
What To Do
If you have received or acted on a spoofed email or been impersonated, please let Jewish Federation's Director of Security Initiatives and External Affairs, Amy Keller, know so we can record the incident. Supply any information you have and any steps you have taken.
Utilize this quick list of suggestions to take action:
- Send an email advisory to all congregants and other frequent email contacts informing them of the scam, the originating email, and the actual email address of the spoofed sender.
- Recover "full internet header" from the email – you will need this for reporting. Steps on how to recover an email's full internet header can be found here.
- File a report with your IT department or consultant. Discuss strengthening your organization's cyber/computer hygiene.
- File a report with the email provider, e.g., Google, Yahoo – and request suspension/deletion of the originating account.
- File a police report with your local police department.
- File reports with state and Federal cybersecurity authorities, NJCCIC and IC3
- File an incident report with Jewish Federation in the Heart of NJ.
- Notify other local congregations with whom you associate in order to raise situational awareness in our community.
- If any member's emails have been directly compromised, it is best to change your email passcodes, especially if you log into social media with the same address and passcode.
In addition, if you or someone in your organization have followed the directions of scammers -- for example, provided credit card information, social security numbers, or other sensitive information, or if you have purchased gift cards, wired money, or the like...
Follow the steps outlined by the Federal Trade Commission: https://consumer.ftc.gov/articles/what-do-if-you-were-scammed
Federation security partners at FB-ISAO* issued an Advisory on Email Spoofing last April, which is still valid today. If you would like a copy, please contact Federation's Director of Security Initiatives, Amy Keller.
Always follow up with a report to Jewish Federation in the Heart of NJ's Security Initiatives.
Thank you for your continued vigilance in the Jewish community's strength and security.
*Faith-Based Information Sharing and Analysis