We regret to report that Shelter Rock’s ministers’ names, with fake, non-uucsr email addresses, have once again been used in phishing attempts.

Rest assured: Shelter Rock’s database (Planning Center) has state-of-the-art security. You may read details HERE.

Religious organizations are special targets because their members have a reputation for being kind and compassionate. Typically, scammers use a process that the security community calls “Open Source Intelligence”, or OSINT, to obtain information from publicly available sources. Essentially, they use publicly available information, of which there is much more than most people realize, to identify and attack their targets. This article is a good high-level overview of what OSINT is and the threat it poses.

What can you do to stay safe? Don’t Take the Bait!

Phishing is the name for emails (or texts or phone calls) that pretend to be from someone trusted. Often gift cards or cash are requested, but sometimes, a recipient is invited to click a link or open an attachment that can trigger malicious code.

A good rule of thumb with emails you’re not expecting is to reach out to the sender through another channel (call, text, or visit a website).

Scammers often spoof phone numbers to trick you into answering or responding. Remember that government agencies will never call you to ask for personal information or money.
Do not click any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to make sure they weren’t hacked.
Consider changing your passwords, which is recommended regularly, whether or not you’ve received a phishing attempt.
If you provided financial information to anyone you now suspect of phishing, contact your bank or credit card company for guidance.
Please do not click on links without checking on the sender’s address. Ask yourself if the email address, language, and grammar are reasonable.
Please pause to think, “Is this a reasonable request?”
Ask yourself, “Is this message normal given my relationship with the sender?”

Tips to Prevent a Scam:
Don’t act quickly. Scams are based on fear and urgency.
Check the email address BEHIND a sender’s name. Is anything fishy?
UUCSR emails would always END in uucsr.org.
Most businesses would not use a gmail address.
If anything is too good to be true, it probably is.
Is there a strange payment or gift involved?
Notice threatening behavior.
Be suspicious of fake caller IDs.
Be cautious of impersonation.
Do not reveal personal information.
Avoid suspicious links.
Notice if there is an attempt to gain your compassion and sympathy.
Ask a friend or family member.
Close apps, websites, and your online connections when they’re not in use.
Update your browser.
Monitor your credit history.

Password safety may be one of best and easiest good habits that one could ever develop.
Use strong passwords. Combine letters, numbers, and other symbols at least 16 characters long.
Use different passwords for every site.
Change your passwords now and then.
Use a password vault; never keep an unsecured list.
USE MULTIFACTOR AUTHENTICATION (MFA) WHENEVER POSSIBLE.
Resist the ease of storing passwords on your browser. Many browsers offer to save your passwords when you browse sites.
Do not share passwords.

Please be reassured that the MY UUCSR database and website (uucsr.org) are as secure as is possible. If you have any questions, please contact Communications Manager Jen Sappell (jsappell@uucsr.org, 516.472.2980). Thank you.