If you get an email supposedly from Msgr. Gervasio (or any other OLS-SA staff member), that asks you to do him a favor, buy gift cards for him and send him the PIN numbers of the cards, ignore it...or report it to the police. This is a scam. Msgr. Gervasio would never ask you to do this!
The current version of the scam may read as follows:
Let me know if you are not occupied at the moment, I need you to do me a favor real quick. Email me back immediately you receive this message.
This scam is not limited to our parish, but has hit members of other local parishes as well as more distant parishes. Following are some steps you can take to avoid falling prey to this type of phishing scam.
Here are some tips on dealing with phishing:
Confirm as legitimate any email that is requesting a sensitive business task to be completed.
If the tone of the email is urgent this should be a signal for additional caution.
Never respond to a wire transfer request - always STOP-CALL-CONFIRM with the Pastor or manager.
Do not share bank account numbers or other banking information over email.
Do not publish staff email addresses on a website – use a ‘Contact Us’ form instead.
Be cautious about opening attachments or clicking on links in emails. Even your friend or family members’ accounts could be hacked. Files and links can contain malware.
Search for the terms ‘email spoofing’ and ‘phishing’ to become familiar with these tactics.
Learn more about how to protect your personal information.
Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
Routinely backup all your important files and test to make sure you can recover these on a periodic basis (in case malware wipes your data access).
Secure your email:
Do not use the same password for your various internet accounts (email, Facebook, Twitter, Bank Accounts, etc.) Each account must have a unique password.
Do not use simple passwords but rather use complex passwords comprising a mix of uppercase and lowercase letters, numbers, and special characters.
Use multifactor authentication (MFA) if you have that option.
Change your email account password if it is older than 6 months.