Several members of FPC and some friends at other congregations have recently gotten emails from someone impersonating Reverend Matt, using email addresses that look like Matt’s personal email address. This is a frustrating situation. Unfortunately, there’s also not a lot we can do about it. Here are answers to questions you may have about this situation.
Q: Has Reverend Matt’s email account been hacked?
A: No. The criminals doing this are creating Gmail accounts that look like one of Matt’s email addresses to try and trick people. But Matt’s real email account has not been hacked and we are taking steps to improve the protections around it.
Q: What should I do if I get one of these?
A: DO NOT REPLY TO THE EMAIL. Please forward the email to Bruce Wilson at firstname.lastname@example.org. If you know how to forward it and send the email headers, that’s useful. If you don’t know how to do that, just do a regular email forward. And if you want to just delete the email message and forget about it, that’s fine, too. Note that email@example.com isn’t Bruce’s regular email address, but one just for computer stuff at FPC.
Q: If Matt’s email isn’t hacked, how did they get my name and email address to send me this message?
A: Email addresses aren’t hard to come by. The most likely answer is that they’re scraping email addresses from web sites.
Q: What is the church doing about this?
A: Frankly, there’s not a lot we can do. We’ve spoken with several church members who have law enforcement backgrounds and connections. As each of these emails has come out, we’ve reported the abuse to Google, and Google has shut down the offending email address. We’ve filed a report with the FBI’s Internet Crime Complaint Center. We’re making sure that Matt’s real email addresses are protected against both hacking and spoofing.
Q: What do the criminals hope to gain by doing this?
A: The most likely answer is that they’re trying to con people out of money by pretending to be Reverend Matt.