BRUNSWICK — In the wake of an internet phishing scam that resulted in hackers defrauding St. Ambrose Catholic Church out of an estimated $1.75 million, local police and security experts said steps can be taken to avoid a similar fate.
“I think the important thing to remember is that any correspondence by email is something that is subject to being hacked,” Brunswick police Lt. Robert Safran said Tuesday.
Safran said that when dealing with financial matters, it is best to speak with an individual from the company requesting payment rather than just solely communicating via email. This is often how phishing scams take place.
According to the Federal Trade Commission, phishing is when an internet scammer uses fraudulent emails, texts or copycat websites to trick people into sharing personal information such as banking information, Social Security numbers and online passwords.
The Rev. Bob Stec of St. Ambrose Catholic Church informed parishioners through a letter dated Saturday, April 27, that through such a scam church officials learned church funds were stolen the Wednesday before Easter.
In the letter, Stec said two employee email accounts were unknowingly compromised, resulting in the fraud. Stec said two payments totaling about $1.75 million went to an unknown account instead of to the banking account of Marous Brothers Construction, which is completing a roughly $5 million renovation at the church.
Brunswick police and the FBI are investigating the incident.
KGC Computers, 1126 Industrial Parkway, Brunswick, President Keith Castle said it is incredibly easy for hackers to trick individuals into unknowingly handing over personal information.
“Say you get an email from your bank, and it says ‘hey, there has been a fraud alert login here’,” Castle Tuesday said. “A lot of people would just go ahead and click and login.”
The link can direct users to a fraudulent website designed to mimic the actual website of a financial institution. Once a customer has inputted a username and password, hackers have the information they need to steal directly from individuals bank accounts, Castle said.
“That is how they get you,” he said.
Safran said one common scam police see, especially during tax season, is a phone call informing someone that there is a warrant out for their arrest and they must pay immediately or be arrested.
Scams involving financial wire transfers, such as the incident involving St. Ambrose, are also common to police.
“A lot of the scams that we see are money that is wired overseas, so we have senior citizens that once they wire money to Europe or South American somewhere, the money is gone,” Safran said.
In his letter to parishioners, Stec said the victimization caught the church by surprise.
“This was shocking news to us, as we have been very prompt on the payment every month and have received all the appropriate confirmations from the bank that the wire transfers of money to Marous were executed/ confirmed,” he wrote.
A request for financial payment in a nontraditional form is another tipoff that something is not legitimate.
“If they are asking for a payment through an unusual form like gift cards, that should immediately be a red flag,” Safran said. “There is no business that is reputable that asks for payment with Apple gift cards.”
Safran said a lot of scams target the elderly, and he does a presentation on how senior citizens can protect themselves against internet fraud.
“A lot of senior citizens will get a phone call, either their computer needs fixed or their grandchild is in jail in a foreign country,” he said. “These are things that they need to vet themselves, so sometimes you get what information you can from the person trying to scam you and then you have to do your own homework.”
The individuals conducting these scams are professionals, Safran said.
“The people that do these type of scams, this is their job, to steal your money,” he said. “They wake up in the morning and they somehow have a list of x amount of people and that is what they do.”
“If they make 100 phone calls and they get one person to send them just $5,000, that is a good day’s work for them as a scam artist,” Safran added.
Castle said it is important for individuals to stay up-to-date with computer security such as anti-virus, and also utilize firewalls that are redundant and also their own self-awareness.
“If those three aren’t in place, you are just waiting to get hacked,” Castle said.
Suspected phishing emails should be forwarded to firstname.lastname@example.org. People should contact the organization impersonated in the email as well.
Reports can also be filed with the Federal Trade Commission at FTC.gov/complaint.
For information about recent scams circulating in Ohio, visit the Attorney General’s website.