Scammers Gonna Scam
A close call, and a word to the wise
We had an unusually “interesting” morning here in this household one recent day. My housemate seemed unusually rushed, and when I enquired it turned out that she had a special errand to run. She said the senior pastor of our church had emailed her asking her to purchase a number of gift cards, and she was leaving early to go do that.
Hearing this much was enough to trip my internal scam alarm, and not just because I had been a recipient in a similar previous scam targeting this church1. This is not about churches, though. It has to do with institutions of any kind that send out bulk emails such that each outgoing email contains the email address of every member of the mailing list.
As a credit to the church, several of the recipients recognized the emails as a scam and reported it—it’s apparently a regularly-recurring thing—and it is known which committees were affected.
I happen to be a member of one of those committees and I receive emails from committee officers that they mail out from their own private lists, bypassing the church’s secure bulk mailing service. I keep organized email archives and from them I identified three people who had done this in the past year. The church wasn’t particularly interested, and now I get to have a conversation with the team.
You might wonder why even bother? Well first, those requested gift cards were not little $15 ones. They were for major amounts. Second, I am surprised at how people can be fooled by this trick, not noticing the numerous peculiarities in the scam emails, and not suspecting that anyone would do such a thing. I want to at least communicate that these scams don’t “just happen”. Some of this is preventable.
My housemate now knows better. I don’t think she’s quite up to also examining the sender’s email address just yet (gmail.com in this case), but we’ll work on that. Some email clients make that easy (e.g. Proton), while others can make it more difficult. Examing email headers? Maybe not.
So then, a word to the wise. Yes, scammers do these things, and they use tricks designed to bypass the defenses of those who have too rosy a view of the world. Don’t be caught by surprise if you think it can’t happen to you.
It helped that I’m an IT consultant working part-time in retirement, and online security is part of what I do.

