Protect yourself from Fraudulent Messages

Unfortunately, spoofing, phishing and whaling scam emails and text messages are increasingly common, and churches/nonprofits are often specifically targeted. Recently, fraudulent communications pretending to be from our interim rector or other St. Paul’s Indy staff have targeted our community.

It’s important to stay alert and protect yourself. Here's what you need to know:

What Are Spoofing, Phishing and Whaling?

• Spoofing: This is when an attacker disguises themselves as a trusted source by faking information like an email address, phone number or website — to make it seem legitimate.

  • Example: An email appears to come from "yourboss@company.com" but really comes from a scammer at "yourb0ss@companny.com".

• Phishing: A cybercrime where scammers send emails or texts pretending to be from legitimate organizations to trick you into revealing personal information such as passwords, bank accounts or credit card numbers.

  • Example: An email that looks like it’s from your bank asking you to "verify" your account details.

• Whaling: A specific form of phishing that targets high-profile individuals (like clergy or other leadership) or impersonates them to deceive others into providing sensitive information, sending money or clicking malicious links.

  • Example: A fake email sent to a company's CFO requesting a secret wire transfer.

Common Signs of a Scam

• Messages privately requesting money or gift cards

• Odd language or tone that doesn’t sound like the person you know

• Requests for sensitive information (passwords, Social Security numbers, banking details)

• Unexpected links or attachments

• Emails or texts from addresses that seem close to, but are not, official St. Paul’s Indy domains (like “staff.stpaulsindy@gmail.com” instead of a verified address)

Important:

• St. Paul's Indy staff will never contact you privately, asking for personal information or emergency money requests via email or text.

• Always double-check by contacting the staff member directly using a known phone number or email, not by replying to the suspicious message.

What to Do If You Receive a Suspicious Message

1. Do not respond.

2. Do not click any links or open attachments.

3. Verify independently — call or email the real person using official contact information.

4. Report the scam:

   • Report them to your email provider (Gmail, Yahoo, etc.) by marking them as junk or spam.

   • Forward phishing emails to: reportphishing@apwg.org (Anti-Phishing Working Group).

   • Report fraudulent text messages by forwarding them to 7726 (SPAM).

   • File a report with the Federal Trade Commission (FTC)

   • For email scams impersonating St. Paul's Indy staff, also notify us at: info@stpaulsindy.org

Click below to learn more

• How to Recognize and Avoid Phishing Scams — Federal Trade Commission (FTC)

• How to Recognize and Report Spam Text Messages — FTC

• Phishing and Spoofing — FBI Internet Crime Complaint Center (IC3)

Stay Vigilant

The safety of our community is a priority. Thank you for helping us protect each other by staying informed and cautious.