In our digital age, staying connected is more important than ever. However, this also brings risks. Recently, our parish—like many Catholic communities—has been targeted by scammers using "phishing" emails and text messages to deceive people. These scammers often impersonate our parish priest or staff members to trick you into sending money or sensitive information.
This article is designed to help you identify these fraudulent messages, understand our communication policies, and use Gmail's built-in tools to protect yourself and others.
Scammers are becoming more sophisticated. They know that we have become suspicious of immediate requests for money or gift cards. To bypass your defenses, they are now playing a "Long Game" to build trust.
The first message you receive might not ask for anything financial. Instead, it might look like this:
"Are you available? I have a sensitive matter to discuss via email."
"Please contact me by email as soon as possible regarding an important parish issue."
"I'm in a meeting and can't talk, but I need a quick favor. Let me know if you get this."
Why do they do this? They want to start a dialogue. Once you reply, they believe they have "hooked" you. After a few friendly or urgent exchanges, they will eventually "spring the trap" by asking for a financial favor. Be wary of any vague or mysterious requests for contact.
One of the easiest ways to spot a scammer is to look at the very end of their email address. This is known as the Top-Level Domain (TLD).
Official Domains: Our parish and school are professional organizations. We use specific domains like .org (for non-profits) or .edu (for schools). Official emails will end in something like @stalbert.org.
Public Domains: Scammers almost always use free, public TLDs like .com, .net, or @gmail.com.
If you see an email from "Father Chris" but the address ends in @gmail.com or @yahoo.com instead of our official @stalbert.org, it is a scam. A priest will not use a generic public account for official parish business or sensitive requests.
Scammers frequently include links in suspicious messages. These links may look like they lead to our parish website, but they actually send you to a malicious site designed to steal your login credentials.
Don't Click: Never click a link in an email that you weren't expecting or that comes from a non-official address.
The Hover Trick: If you are on a computer, hover your mouse cursor over a link without clicking it. A small box will appear (usually at the bottom of your browser) showing the actual web address. If the address doesn't perfectly match our official site, it is a scam.
Look-alike Sites: Scammers often use addresses that are just one letter off from the real one to trick your eyes (e.g., stalberrt.org instead of stalbert.org).
The most common tactic involves a scammer creating a free account to look official (like frchris.stalbert@gmail.com).
Always remember:
Official Communication: All official emails from our priest, parish office, or school staff will ONLY come from our official domain (e.g., @stalbert.org).
Misleading Authenticity: Modern scammers often include the real parish office phone number, our correct physical mailing address, or even the names of other staff members in their email signature. They do this to create a false sense of legitimacy. Do not let these accurate details fool you. If the email address itself is not from our official domain, the entire message is fraudulent.
Trust Your Gut: If something feels "off" about the tone or the request, listen to that instinct.
A priest, parish staff member, or school staff member will NEVER request that a parish member or school parent purchase gift cards (iTunes, Amazon, Google Play) or prepaid "cash" cards (Visa, Mastercard, Amex).
Scammers love gift cards because they are like untraceable cash. If anyone asks you to buy these for the church, it is 100% a scam.
If you receive a message that feels even slightly "off," do not reply to the email or text. Instead:
Call the Parish Office: Use the official number listed in the bulletin or on our website.
Stop By: Visit the office during business hours.
In-Person Verification: Mention the message to the supposed sender in person after Mass or during a scheduled meeting.
Never use a phone number or link provided within the suspicious message itself.
Reporting a message doesn't just delete it; it trains Google’s filters to block that scammer from reaching anyone else in the parish.
Open the email.
Click the More icon (three vertical dots ⋮) next to the "Reply" button.
Select "Report phishing."
Open the email.
Tap the More icon (three vertical dots ⋮) in the top right corner of the screen.
Tap "Report spam" or "Report phishing" if available.
[ ] Check the TLD: Does the address end in .org (official) or .com (suspicious)?
[ ] Verify the domain: Does it end in @stalbert.org?
[ ] Hover before clicking: Did you check where the link actually goes?
[ ] Ignore "Official" signatures: Remember that scammers can copy-paste our real address and phone number.
[ ] No Gift Cards: The parish will never ask for prepaid cards.
[ ] Verify Offline: Call the office or ask the priest in person.
Thank you for helping us keep our parish adn school communities safe!