Oct 17 2025
Off

“Do You Need Gift Cards?”

Recognizing Scam Emails Before It’s Too Late

 

By: Stacey Burke, NEPA Synod's Communications

October 17, 2025

 

A church administrator was working on an ordinary day when they received a message from a church staff member requesting them to send a copy of the congregation’s full database, including private information such as names, addresses, phone numbers, and email addresses. The administrator thought this was an unusual request since the staff member already had access to that information. Upon closer inspection, the administrator noticed that the sender’s email address ended differently than the church’s official one, which is often a sign the message came from outside the organization. That small but important detail prompted the administrator to pause, investigate, and discover that the message was a scam.

 

This true and recent story from one of the Northeastern Pennsylvania Synod’s congregations may sound familiar, or perhaps something similar has happened in your own congregation or community. Scam emails are becoming increasingly convincing, sometimes even appearing to come from trusted leaders or synod staff. From “I have a grand piano available” to “Can you buy gift cards,” these messages are designed to manipulate our sense of trust, urgency, or compassion. So how can we recognize and stop these scams before it’s too late?

web image

Common Scam Types Churches Face

Faith communities are frequent targets for cybercriminals because of their culture of trust and generosity. Common scams include:

 

  • Gift Card Scams: An email appears to come from the pastor, deacon, bishop, or another leader asking for gift cards to help someone in need. The scammer often says they’re “in a meeting” and can’t talk on the phone.

 

  • Phishing for Personal Data: Messages ask for membership lists, directory information, or donor records under the guise of “updating records” or “urgent reporting.”

 

  • Fake Invoices or Donations: Fraudulent requests for payment or fake charitable donation opportunities can appear legitimate, especially if they use church logos or familiar language.

 

  • Impersonation of Synod Leadership: Increasingly, scammers are sending emails that look like they’re from synod leaders, requesting urgent meetings, confidential discussions, or financial transfers. Always use the same safety practices outlined below to confirm legitimacy before responding.

 

  • Malicious Links and Attachments: Some emails include attachments labeled “invoice,” “agenda,” or “photo,” which install malware when opened.

Just as the administrator spotted something unusual in the sender’s email address, many scam messages include subtle signs that something is not right. The sender’s name might look correct, but the actual email address is slightly off—perhaps using a free Gmail or Yahoo account instead of the organization’s verified domain or own address. Scammers often create a sense of urgency, claiming that help is needed immediately, or they may use emotional language designed to lower your guard.

 

You might also notice that the message contains awkward phrasing, unusual capitalization, or grammatical errors that do not fit the sender’s normal tone. Legitimate church or synod emails typically include a clear signature block, contact information, and recognizable formatting. If an email asks for gift cards, wire transfers, membership lists, or other sensitive information, take a step back and verify before acting. And always look closely at web links before clicking, since they may lead to fake websites that mimic legitimate ones.

 

In the case of the church administrator, one moment of hesitation and attention to detail prevented what could have been a serious data breach. That same awareness can protect your congregation as well.

How to Respond Safely

When you receive an unexpected or suspicious email, here’s how to protect yourself and your congregation:

Verify Through Another Channel

Call or text the person directly using a known number—don’t use the contact information in the suspicious email.

Attachment Security

Do not click links or open attachments unless you are certain they are legitimate.

Check the Sender’s Full Email Address

Even a single misplaced letter or number can reveal a fake. Official Northeastern Pennsylvania Synod emails will always come from an address ending in @nepsynod.org.

Report and Delete the Message

Every major email system has a way to report scams. Look for options such as “Report phishing” or “Mark as spam.” This not only removes the message from your inbox but also helps your email provider block similar attempts in the future.

Two-Factor Authentication

Enable two-factor authentication (2FA) on all accounts, especially those tied to church finances or communications.

Passwords

Use strong, unique passwords and update them regularly.

Protect Confidential Records

Limit access to sensitive data such as membership lists, financial records, and login credentials.

Fraud Prevention Education

Educate staff, volunteers, and congregants regularly about recognizing scams.

Software Updates

Keep software and antivirus programs up to date.

Have a Plan

Know who to contact if you suspect a breach or data theft.

computer, happy, icon, photo

Remember, these same practices apply even when a message appears to come from synod leadership or trusted partners. Always double-check before taking action.

 

Online safety is not just an individual responsibility. It is a shared act of care within the body of Christ. When we look out for one another, we protect the ministry and resources entrusted to us. If someone in your congregation does fall victim to a scam, remember to respond with compassion rather than judgment. These scams are sophisticated and intentionally designed to exploit trust, the very trust that makes our communities strong.

 

By staying alert, verifying requests, and supporting one another, we can continue to live out our mission safely and faithfully, both online and in person.

Posted inNews
Tagsnews