Email Scam Alert

We've been made aware that fraudulent emails are being sent out in the name of our Lead Shepherd, Pastor Doug Heiman. While we know these things are outside of our control in a world that increasingly exists online, we wanted to offer our sincere apologies to those who received those emails and offer an explanation as to what happened.

First, Pastor Doug's email account was not hacked or compromised. Typically, what people sending these emails (known as 'phishing' emails) do is scrape publicly available information on the internet to build a persona they use to send emails to people connected to a high profile individual. The goal is to cash in on the goodwill and trust built up by the individual to put the recipients of the email at ease before asking for money or getting them to divulge sensitive information such as account names or passwords. As you can imagine, pastors are pretty enticing targets for such scams due to the time they invest into relationships with their congregations.

In this case, it appears the scammers pulled information from the leadership page on our church website that lists Pastor Doug as 'Rev. Doug Heiman - Lead Shepherd,' the same name and title used in the emails. Using that information the scammers then set up a fake Gmail account in Pastor Doug's name. If you received one of the emails, tapping on the 'From' address would have revealed that the email address was not one that Pastor Doug has ever used or owned.

If you've received one of these emails from one of the church staff, or anyone else for that matter, the best thing you can do is put it in your 'Spam' or 'Junk Mail' folders in your email application. If you're using the Gmail web app, you can report the account for 'Phishing' by tapping the three dots to the right of the 'Reply' arrow. These actions send a signal to your email provider that lets them know you suspect the account of being fraudulent. If enough people report the same account, it gets taken down or blocked.

Here are some things to look for that will help protect you and others from fraudulent emails in the future:
  • An unfamiliar or overly formal tone from the sender. In this case, the email was signed 'Rev. Doug Heiman' which isn't typically how Pastor Doug signs his emails.
  • Asking for 'discretion' for a vague task. This is to keep you from voicing suspicions about the email to anyone else.
  • Does the email specifically ask you to communicate only through email? That's to keep you replying to the fake account.
  • After replying, does the sender ask you to purchase gift cards or debit cards? That's because they're essentially untraceable. No one from the church staff will ever ask you to send money to them directly.
  • Are you sending a bulk email? Use BCC for all recipients and put your own email address in the 'To:' field. This limits the exposure of other email addresses to which the email is being sent.
  • If you suspect an email of being fraudulent, go to the source. Type a link you know and trust into a browser you open rather than clicking/tapping on one in the email. Call the sender directly, or, in this case, contact the church office at 812-867-3997.