Hackers are sending emails to members of Jewish congregations in the USA, pretending to be the congregations’ rabbis and claiming to be in need of urgent assistance.
Earlier this month, the crooks involved set up Gmail accounts impersonating two rabbis from Chattanooga, Tennessee, and sent messages to members of the rabbis’ congregations. The messages told parishioners, “I need a favor from you, email me as soon as you get this message,” and asked the congregants to purchase prepaid gift cards and email the card numbers and associated PINs to the rabbis. The crooks were likely seeking to exploit the fact that synagogues regularly send out emails asking for donations for various charity projects, and the fact that such fundraisers often do accept various types of gift cards that are then either distributed to needy individuals or sold to raise money for the charitable work.
The fraudulent Chattanooga emails were “signed by” either Rabbi Susan Tendler of B’nai Zion Congregation or Rabbi Craig Lewis of Mizpah Congregation, had email addresses that bore the rabbis’ respective names and titles, and had the traditional Hebrew greeting, “Shalom Aleichem” (peace be upon you), as their subject.
According to published reports, similar scams seeking to exploit the trust that members of the clergy typically have earned from their parishioners have recently targeted Jewish communities in at least four other southern states. And there is little reason to believe that similar attacks will not be launched in the future against religious congregations of other faiths, as well as against secular charitable organizations whose leaders have earned the trust of their members.
There are at least three important lessons for members of all faiths – and members of no faith – to learn from the current string of scams:
1. Charitable organizations are prime time cyber-targets.
Anyone associated with a charitable organization should understand that cyber-criminals have long since abandoned any criminals’ code of ethics. It should come as no surprise that people who target hospital systems with ransomware are more than happy to impersonate members of the clergy, and to steal money that is intended to be used for all sorts of charitable projects. If you lead, work for, volunteer for, donate to, or otherwise are involved with any charitable organizations – and hopefully you are – you must internalize that criminals will seek to exploit and abuse the trust that good organizations and their leaders have established with their members and other contributors.
2. Do not request that donations be sent in by email.
Anyone initiating requests for charity on behalf of any charitable cause should not ask people to email gift card numbers or the like – even if obtaining the information in such a fashion is easier than having people drop off physical cards or printouts of digital cards. Furthermore, it is wise to periodically communicate to all of your contributors that you will never ask for donations to be sent in by transmitting payment card information via email, text message, or the like.
3. Charitable organizations must protect their member and contributor databases – including any email mailing lists.
Criminals who obtain such lists can – and likely will – exploit them in attempts to steal money. Crooks can target contributors far more effectively when armed with information about the intended victims’ addresses, phone numbers, known email addresses, and past contributions than if they have less data with which to work. For tips on how to improve information security on a budget, please see the article 13 Tips to Achieve Great CyberSecurity Without Spending a Fortune.