Staying Alert With Scams

Contributed by Gordon Fuglie

At the end of February I received a colorful Punchbowl Evite from a friend at Hope. As you may know, an Evite is a digital, customizable invitation sent via email, text (SMS), or social media platform. Punchbowl is a popular and free web-based and mobile-app service for creating and sending digital invitations for events, as well as greeting cards. But I soon found out this Evite wasn’t a genuine Punchbowl email.

The email represented itself as an invitation to a brunch. It was scheduled for a Sunday and just after our Sunday worship so I naturally assumed it would be held at Hope and would include members of our congregation. To accept the invitation, all I had to do was respond to the Evite with my Google password, which I did. I thereafter followed up with a separate email asking if I could bring something to add to the brunch menu (ever the helpful Lutheran!).

The friend soon responded. She informed me that her email recently had been hacked and that the brunch invitation was false: “Gordon, I spent the better part of yesterday morning changing my passwords and also e-mailing people I haven't talked to in years asking about this bogus brunch.” She warned that in addition to their nuisance, such scams - also known as “phishing” - are hostile attempts to steal your money, or your identity, by getting you to reveal personal information. I followed suit and spent the next two hours re-setting my passwords to accounts that I feared were now compromised.

Similar to the Evite incident, my wife and I learned that a friend of ours had been successfully scammed via a fake text message. She had been trying to track a certified mail package containing sensitive legal documents that appeared to be lost in limbo at a USPS processing center due to an “insufficient address.” After filing a missing mail search request with the USPS, she received an official looking text from the “USPS.” It “confirmed” that her package had been delayed because of an “insufficient address” and that more postage was required for it to be delivered.

The sender directed our friend to a payment link to cover the difference. When she clicked on the payment link and entered her credit card information, it was reported as “not recognized,” and she was directed to try a different card. The second card similarly was reported as “not recognized.” At that moment our friend realized that she had given her credit card numbers to a scammer. Like my friend and I, she took immediate action and contacted her credit card companies to report the scam, cancel accounts, and obtain new cards. 

Being alert to email scams: The first rule for checking suspicious emails asking for your information or payments is to look at the sender’s email address. In the brunch scam, it turned out that the Evite was not sent from mail@mail.punchbowl.com, the company’s official communication address. That was the giveaway. In the case of our other friend, if she had hovered her finger or mouse over the link before clicking it, the link would have been revealed as not belonging to USPS.gov. And this incident raises another question: had our friend’s original inquiry to the USPS been hacked by a scammer who then obtained her cell phone information? 

So again: let’s stay on our guard!