Scams and how to deal with them

Several times in the last few months of 2023, Our church membership has seen an uptick in scams. So far they all have had the same method. Posing as Pastor Rick requesting gift cards. A special email has been set up called scams@firstbaptistpuyallup.com. If you are in doubt about an email, do not respond to it, rather forward it to that email address for our web staff to review and report it to https://reportfraud.ftc.gov/#/.

I have had some extensive experience dealing with these scammers. Here’s some key things to remember:

1: Our church will never solicit funds of any kind via email (including but not limited to Gift Cards). If you wish to send tithes online, use the link provided on this website. Not on email.

2: If it looks suspicious, it is likely a scam.

Gift card scams

Only scammers will tell you to buy a gift card, like a Google Play or Apple Card, and give them the numbers off the back of the card. No matter what they say, that’s a scam. No real church, business or government agency will ever tell you to buy a gift card to pay them. Always keep a copy of your gift card and store receipt. Use them to report gift card scams to the gift card company and ask for your money back.

Gift card scams start with a call, text, email, or social media message. Scammers will say almost anything to get you to buy gift cards — like Google Play, Apple, or Amazon cards — and hand over the card number and PIN codes. Here are some common tactics scammers use in gift card scams:

  1. Scammers will say it’s urgent. They will say to pay them right away or something terrible will happen. They don’t want you to have time to think about what they’re saying or talk to someone you trust. Slow down. Don’t pay. It’s a scam.
  1. Scammers will tell you which gift card to buy (and where). They might say to put money on an eBay, Google Play, Target, or Apple gift card. They might send you to a specific store — often Walmart, Target, CVS, or Walgreens. Sometimes they’ll tell you to buy cards at several stores, so cashiers won’t get suspicious. The scammer also might stay on the phone with you while you go to the store and load money onto the card. If this happens to you, hang up. It’s a scam
  2. Scammers will ask you for the gift card number and PIN. The card number and PIN on the back of the card let the scammer get the money you loaded onto the card — even if you still have the card itself. Slow down. Don’t give them those numbers or send them a photo of the card. It’s a scam.

Scammers tell different stories to get you to buy gift cards so they can steal your money. Here are some common gift card scams:

  • Scammers say they’re from the governmentThey say they’re from the IRS, the Social Security Administration, or even the FTC. They say you have to pay taxes or a fine. But government agencies won’t contact you to demand immediate payment, and they never demand payment by gift card. It’s a scam.
  • Scammers say they’re from tech support. They say they’re from Microsoft or Apple and there’s something wrong with your computer. They ask for remote access, and say to pay them to get it fixed. Don’t give them access to your computer. It’s a scam.
  • Scammers say they’re a friend or family member with an emergency. If the scammer uses voice cloning, they may even sound just like your loved one. They ask you to send money right away — but not tell anyone. It’s a scam. If you’re worried, contact the friend or relative to check that everything is all right.
  • Scammers say you’ve won a prize. But first, they tell you to pay fees or other charges with a gift card. It’s a scam. No honest business or agency will ever make you buy a gift card to pay them for a prize. And did you even enter to win that prize?
  • Scammers say they’re from your utility company. They threaten to cut off your service if you don’t pay immediately. But utility companies don’t work that way. It’s a scam.
  • Scammers ask for money after they chat you up on a dating website. Romance scammers will make up any story to trick you into buying a gift card to send them money. Slow down. Never send money or gifts to anyone you haven’t met in person — even if they send you money first.
  • Scammers send a check for way more than you expected. They tell you to deposit the check and give them the difference on a gift card. Don’t do it. It’s a scam. That check will be fake and you’ll be out all that money.

If you bought a gift card and gave someone the numbers off the back of the card, that’s a scam. Use your gift card and gift card store receipt for these next steps:

  • Report the gift card scam to the gift card company right away. No matter how long ago the scam happened, report it. Use the How To Contact Gift Card Companies list below.
  • Ask for your money back. Some companies are helping stop gift card scams and might give your money back. It’s worth asking.
  • Tell the FTC at ReportFraud.ftc.gov. Every report makes a difference.

Here’s an example of a scam email (personal information on recipient replaced wit ***** to protect their privacy)

First one will read something like this:

From: Pastor Rick Siemens <churchofficeonline01@gmail.com>
Date:September 6, 2023 at 10:05:55 AM PDT
To: *@comcast.net
Subject: *

Do you have a moment I have a request I need you to handle discreetly. I am currently busy in a prayer session, no calls so just reply my email.

Rick Siemens
Pastor
1219 15th St. NW
Puyallup, WA 98371

If you respond, you may get a follow up like this:

From: Pastor Rick Siemens <churchofficeonline01@gmail.com>
To: @comcast.net
Date: 09/06/2023 1:00 PM PDT
Subject: Re: *,.

Okay, here’s what I want you to do for me because am going to be busy althrough today. I have been working on incentives and I aimed at surprising some of our diligent staffs with gift cards this week. This should be Confidential until they all have the gift cards as it’s a surprise and you will keep one for yourself too.
Can you get this done today?

Rick Siemens
Pastor
1219 15th St. NW
Puyallup, WA 98371

First thing to note is the senders email address: churchofficeonline01@gmail.com. Church Office Online is a legitimate business, but they would not use a gmail account, nor would they add a 01 to the end of their name. Second, most of us know Rick’s actual Email address, and this is not it, Third, Rick never used the word “pastor” in his Email address or in closing his emails, nor did he put the church address. His Church email address was simply “Rick”. Upon his retirement, Rick’s Church email was deleted so even if you get an email from “rick@firstbaptistpuyallup.com” from now on, it is a scam (fake). If you receive an email like this, do not respond, send it to scams@firstbaptistpuyallup.com. Once we have a new pastor lined up I will give them an email similar to Rick’s. If you are ever in doubt about church emails, ask me, I know them all.

The email above was sent directly to the Webmaster Email account and swiftly cut off! if you see such email, do not respond and send to scams@firstbaptistpuyallup.com. An email like this is fishing for imformation. If I responded to it, they would not give the “Claimed” person’s account, rather their own.

Other types of scams

Grandparent Scams

In this scenario, a person will pretend to be the grandchild of the person who answers the phone and ask for money. The caller might claim they are having an emergency, such as a car accident or problem with the law, and don’t want anyone to find out. They might ask you to send them money or gift cards.

The scammers often harvest the information they need to make the call appear legitimate from obituaries and social media, setting up a code word for the grandchild to use in a real emergency is a good thing to do.

Spoofing and Phishing 

Spoofing 

Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.

For example, you might receive an email that looks like it’s from your boss, a company you’ve done business with, or even from someone in your family—but it actually isn’t.

Criminals count on being able to manipulate you into believing that these spoofed communications are real, which can lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.

Phishing 

Phishing schemes often use spoofing techniques to lure you in and get you to take the bait. These scams are designed to trick you into giving information to criminals that they shouldn’t have access to.

In a phishing scam, you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look similar to one you’ve used before. The email may be convincing enough to get you to take the action requested.

But once you click on that link, you’re sent to a spoofed website that might look nearly identical to the real thing—like your bank or credit card site—and asked to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.

Phishing has evolved and now has several variations that use similar techniques:

  • Vishing scams happen over the phone, voice email, or VoIP (voice over Internet Protocol) calls.
  • Smishing scams happen through SMS (text) messages.
  • Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites.

Spoofing and phishing are key parts of business email compromise scams.

How to Protect Yourself 

  • Remember that companies generally don’t contact you to ask for your username or password.
  • Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
  • Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.

SPOT THE DIFFERENCE?

maybank2u.com is not the same as

maybank2u.com

citibank.com is not the same as

citibank.com

The first ones are correct, the second ones are from scammers.

The “a” in the second ones is a slightly different font.

An average internet user can easily fall for this. Be careful for every email requiring you to click on a link.

Please Stay alert.