Email Scams Are a Growing Concern for Congregations. Here’s How to Stay Safe.

Email Scams Are a Growing Concern for Congregations. Here’s How to Stay Safe.

Vigilance and communication are key. Try these tech tips from Unitarian Universalist Association security and IT experts.

Adria Walker
Photo that shows computer screen and points out tips to detect scam


Have you ever gotten an email from a trusted source that seemed fishy? Maybe it appeared to come from a minister or a fellow congregant, asking you to "click here" or enter your personal information. It could have been a scam. And if you have received such an email, you’re not alone.

Tim Byrne, user community liaison and security analyst at the Unitarian Universalist Association, says he hears indirectly about scams targeting UU congregations anywhere from “a couple of times a year to every few months”—and, of course, there may be many more he doesn’t learn about. There are two scams which are fairly common, he says.

Can you spot a phishing scheme? 

Take a free quiz to practice.

What to do if you got scammed:

Review Consumer Advice from the Federal Trade Commission. 

One familiar scheme involves a request for a gift card. Someone pretending to be a trusted leader, such as the president of the UUA or a minister, sends an email or text instructing the recipient to purchase gift cards and send them (or the card numbers and PIN codes) to the author of the email or text. The sender claims these cards will be used for a charitable purpose or to serve the congregation. That, however, is not the case; the scammer keeps the gift card for themself.

"We see a bunch of the [scam emails] about gift cards," Byrne says. "It is the more common one we’ve seen around congregations because it plays on people’s desire to help."

"Scammers use public information about staff that is readily available, for instance on the contact page of a congregation’s website," says Larry Stritof, the UUA’s director of Information Technology Services. "Even if the congregation doesn’t include personal information on the contact page, scammers can cross-reference staff members’ names with other online sources like social media that do have more personal information they can use."

Tips to Help Avoid Digital Scams

Vigilance is essential when you receive a suspicious email or text message. Scammers, Byrne says, do not expect to be successful with everyone to whom they send these messages. All it takes is one person.

He offers these tips to avoid falling for scams:

  • When an email asks you to do something, check the "from" email address first. In scam emails, the display name and the actual email address usually do not match; for example, an email is supposedly from a UUA employee but comes from a Gmail or other non-institutional domain instead of a email address.
  • If an email contains a link, hover your mouse or cursor over the link. On cellphones, the process is similar: instead of clicking like normal, press and hold the link. Both ways will show you where the link is actually sending you. "If [the email or text] is saying that it’s coming from American Express or Amazon, but the link is taking you to something that has a different name, then that’s a big red flag," Byrne says.
  • Reach out to the supposed sender through another channel (call, text, visit website directly), and don’t click on a link or scan a QR code without checking with the trusted source.

"Don’t try to hide it—by not sharing your experience, you’re leaving others vulnerable to being compromised."

"It’s important to help people in your congregation understand that these schemes happen and to have established policies in place to deal with them, such as having a consistent way of asking for and accepting gifts," says Stritof.

It is also essential to not be embarrassed if you do fall for a scam.

"Don’t try to hide it—by not sharing your experience, you’re leaving others vulnerable to being compromised. Open communication is a good way to resolve issues and protect others."