Cybersafety

October is National Cybersecurity Awareness Month – a month-long effort to raise awareness of the importance of cybersecurity and highlight security best practices. National Cybersecurity Awareness Month is led by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance and this year’s theme is “Secure Our World.” We at First UU also want to raise awareness for the upcoming holiday season.

In cybersecurity, CIA stands for Confidentiality, Integrity, and Availability, which are the three components of the CIA triad:

Confidentiality: Protects information from unauthorized access
Integrity: Ensures data is accurate and not tampered with
Availability: Ensures data is ready for use when needed

From a congregant/customer side, scammers are trying to cause:

Panic – call/email/text tries to immediately convey or convince you did something morally and financially wrong. This can cause feelings of shame/embarrassment/secrecy are what the scammer wants. They often try to isolate and scare you. Grandparent and other relationship scams often exploit feelings.
Power shift – Only the scammers “say” they have the power and can help if you follow their way to “save the day”. The scammer wants your trust.
Play – Scammers play on your emotions to impersonate friends, family and companies and government agencies. They are acting to play mind games with you to steal your money and personal information. Scammers may also ask for donations, gift cards, etc. to play on your sense of charity and morality.

PAUSE and think it through by using other trusted, different devices, friends and family. Please remember, NO ONE from FirstUU will contact you and ask for you to give gift cards or money transfers for a need within the church. Read on for UU to find ways to increase your awareness.

The Social Security Administration wants to stop scammers from stealing your money and personal information.

Scammers pretend to be from a familiar organization or agency, like the Social Security Administration. They may email attachments with official-looking logos, seals, signatures, or pictures of employee credentials. Example Scam Alert
Scammers mention a problem or a prize. They may say your Social Security number was involved in a crime or ask for personal information to process a benefit increase.
Scammers pressure you to act immediately. They may threaten you with arrest or legal action.
Scammers tell you to pay using a gift card, prepaid debit card, cryptocurrency, wire or money transfer, or by mailing cash. They may also tell you to transfer your money to a “safe” account.

For those that are more grammatically neurodivergent, look back at the 5Ps.

SSA Scam Reporting Form | SSA Slam the Scam Resources | Scam SSA Alert

Remember stranger danger. Set your boundaries. Protect your own psychological safety. This message has been a collaboration between the church in Richmond Communication and Pastoral Care committees . Thank you to all the committee members, and the congregation for their information and support. Questions? Please email pastoralcare@richmonduu.org if you have specific concerns.

Please remember, NO ONE from FirstUU will contact you and ask for you to give gift cards or money transfers for a need within the church. Also, please be sure to review who the email is actually from. The spammers will use an email address that looks similar to FirstUU emails. All staff of FirstUU have domain related email addresses. Make sure the email uses this email format – @richmonduu.org.

In light of the recent holiday donation email and text scams, we at the 1UU would like to remind you that our website has information and tips below on how to keep yourself safe online. Work safety and environmental safety advocates advise people to use your senses to SLAM. SLAM stands for Stop, Look, Analyze/Assess, Manage. These cautionary clues can indicate potential scam. These tips include:

Get a second opinion from another household member or different friend
Think about whether the message is confusing, angry, surprising, foreign, unexpected, weird, or out of the blue
FTC.gov: A Phone Scam That Starts with a Postcard
Unfamiliar donation requests, delivery notifications, invoices, receipts, charges, offers, gift cards, or other language to claim a prize
If a suspicious message is received on one device (i.e., email phone, computer, tablet, etc.), use a different device to verify the information in that message. You can also do a spam phone number lookup at https://lookup.robokiller.com/
Scammers often ask for gift, bank or pre-paid cards, or other private information
If a scammer calls, texts, or emails you, don’t respond and block them
Put your known friends contact information in your contact lists
Different codes (outside of 804, 757, etc) can sometimes indicate potential spoofing
Look out for grammar and spelling mistakes in email addresses, messages, and links
Don’t click on links unless you are absolutely sure they are trustworthy. Unknown links could install malware.
Spammers and scammers trick people and get you with TIME=Time, Information, Money, Engagement or all 4

Scammers vs. Trusted friends

Scammers spook and spoof your real and trusted friends

Trusted friends don’t spook, spoof, go poof, or take advantage of your TIME=Time, Information, Money, Engagement

Scammers take advantage of known friends, entities or reputable companies like Amazon, Geek Squad, Best Buy, Paypal, etc.

Trusted friends, entities, and companies want to protect their solid reputations

Scammers want you to respond urgently

Trusted friends respect your time and boundaries

Scammers offer quick and easy solutions that seem too good to be true

Trusted friends do not offer too-good-to-be-true solutions and will patiently wait for you to verify them

Scammers want to be confusing

Trusted friends want to be clear

Scammers pretend to be friends or real people

Trusted friends do not pretend to be someone they are not

Scammers attempt to lure, trick, and manipulate you with various tactics

Trusted friends do not try to trick or manipulate you

Scammers prey on your fears, worries, and doubts

Trusted friends treat you with dignity and respect

Scammers want to cause panic

Trusted friends want you to feel safe and comfortable

Scammers use links and mistakes to disorient you

Trusted friends do not make mistakes to disorient you; rather, they help you recover from mistakes without losing

Scammers give you F.E.A.R. (False Evidence that Appears Real)

Trusted friends are truthful, transparent and upfront

Scammers take strange or suspicious actions to cause big reactions

Trusted friends do not take strange or suspicious actions to cause big reactions

Other quick cyber tips

Google tools and best practices to be safe online

A scammer can purchase a fake HTTPS

Prize security over convenience

As the church continues to explore the changing capabilities of the internet and YouTube, it’s important for all of us to remember that there are people out there who are working in the dark areas of the web. These dark parts of the web are also known as the Dark Triad. Scammers use malevolent, morality, manipulative tactics like the examples above to gain your personal trust and information.

Have you been spoofed? Have you been scammed? Have you been tricked online? You are not ALONE! First UU wants to proactively communicate and educate our community with a message for ALL ages and skill levels.

Every year since 2003 October has been recognized as Cyber Security Awareness Month (CSAM). Email spoofing is pretending to be your friend. This is sometimes designed to overcome what most of us learned in school about stranger danger. “Stranger danger” is the idea or warning that all strangers can potentially be dangerous. It is an example of a moral panic that people experience regarding anyone that they are unfamiliar with in society. This panic is often to help a friend or family member. In the technology/internet or computer world, these scammers often attempt to steal your data by worming their way into your accounts through something called “phishing.” They’ll send an email out to a large group of people, including you, recommending you click a link because of something that’s occurred within our church community. (Recently, a scamming attempt used Rev. Amy as a ruse, for example.) The easiest way to avoid these attacks is to not click on anything unless you know for certain it’s legitimate. That can be difficult but there are several rules to follow:

If you receive a suspicious email, text spoof, or other suspicious message you should immediately delete it (report it, mark as spam – whatever the correct action is).

If someone contacts you unexpectedly, take control by contacting them later. Urgent action is rarely necessary. Incoming calls or emails should not be directly responded to. Make your own separate outgoing call, email, or text. This allows you to take control. Here are some simple reminders.

Compare the email address with a known message or previous information.
Legitimate people and organizations are patient and encourage verification. Good people want to verify the information to work for a good company. People with malicious intent are looking to take advantage of people, their identity, or their privacy.
If you are scared or intimidated (which is part of what scammers prey on fear) by computers or technology, consult a more advanced or tech-savvy person you trust.

Remember that scammers will try to scare you or try to urgently/ASAP get you to respond. They typically use this pressure to take action, click on a link or respond quickly. Computer safety advocates advise children not to communicate with strangers through text messages on cellular phones or email on the computer. If strangers attempt to contact you through messages on cellular phones or email on the computer, tell the police, a parent, or any other trusted adult. Scammers use the names of people you know to spoof or impersonate friends, companies, or people you traditionally trust. They typically want bank information, gift cards, or access to your email contact list. Whatever you do, don’t give out any of that information through email unless you know exactly with whom you’re communicating. If a link is confusing or unknown, it could be a digital mousetrap. Be your own digital safety advocate. As another reminder, according to Google email (GMail): Phishing is a form of fraud in which a message sender attempts to trick the recipient into divulging important personal information like a password or bank account number, transferring money, or installing malicious software. Usually, the sender pretends to be a representative of a legitimate organization. According to the Social Security Administration, scammers sometimes use legitimate law enforcement and government agencies’ information and documentation as tactics to gain trust. SSA scam information is listed below. You can take basic steps to verify the information by going directly to the legitimate organization.

Call the person or the organization directly at a previously verified or 800 number or go directly to the organization’s website. NOT from the email or text message from SCAMMER
Verify the information and that it is not a false alarm
Report to the previously verified legitimate organization like Capital One. Capital One has scam education information below

Remember at 1UU we act intentionally to protect and defend vulnerable people. It is part of our behavioral covenant together. So if something feels suspicious, verify the source. If the email/social media message looks/feels strange, make sure your computer/identity is not in danger or at risk.

More education and awareness resources below.

Stranger danger – Wikipedia

Be Aware: Text Scamming Alert – UU Ministers Association

Talking About Internet Safety is Family Ministry | Guide to Faith Development | LeaderLab | UUA.org

October: Cybersecurity Awareness Month

FCC Scam Glossary

11 Ways to Check if a Website is Legit or Trying to Scam You

Ready.gov Cybersecurity

How to recognize a fake Geek Squad renewal scam

Block phone numbers, contacts, and emails on your iPhone, iPad

Scam Education | Capital One

Scam Alert | SSA Office of the Inspector General