This sounds very similar to the "pastor urgently needs gift cards" scam that makes its way through our parish once or twice every year. I don't think anyone has been caught by it in a number of years but I feel for those who've lost money to it elsewhere.
It sounds silly but there really should be an annual announcement at Mass and in the bulletin reminding especially vulnerable folks how to avoid these things. And given the news lately, maybe an annual fraud-detection training for parish staff and volunteers!
Indeed, it's a variant of that, and I had the same thought: I wonder how many gift cards the scammed employee has bought for her pastor via email/SMS requests.
Just because of my work, I've gotten years of annual social engineering attack awareness training and I still get my "react NOW" button pressed occasionally so I can understand how someone not taught to look for those red flags could be taken in. But over 120 times?? Those fraudsters are now the Nigerian prince of scam artists.
Hi Bill N. This is Fr. <LastName> and I think that was a very good comment. I am in a meeting and I need you to buy me $500 in Apple gift cards. Could you buy them and send text me the number on the back? I will pay you back.
--
I usually have fun and ask if I can get a full indulgence for it. Without hesitation the answer is yes. I'm just not sure how people can be better informed of the various fraud methodologies out there and how to spot them. Clearly, the message isn't being received by far too many.
I've taken to stringing these guys along for a couple of hours... I emphasize my eagerness to help but ask clarifying questions. Last year, once I felt I had strung the fraudster along long enough, I got an image of an Amazon gift card barcode from google, replaced the bar code with the phrase: "How do you sleep at night?" and sent it to the scammer.
Some of them aren’t doing it willingly. Myanmar is a hot bed of scammer farms and use human trafficking and slavery conditions (complete with electronic monitoring, shock collars, beatings for not meeting KPIs, withholding documents, and demanding debt repayment with pittance pay). Its highly networked with organised crime and corrupt governments.
Unfortunately, when it comes to scams, if you do something 12 hours a day, 360 days a year, for several years you get pretty good at it. Particularly, when they are able to hone in on a likely candidate.
I'm sorry, but I simply do not understand how employees tasked with managing such large amounts of money can repeatedly be this stupid. Are they hiring poorly trained people because they are needy, or because they are buddies of the boss, or what?
Maybe a little grace can be extended here. Both my grandfathers who are highly intelligent and accomplished men who are lively and of sound mind (one was still doing colonoscopies at 85 until a year ago and still is active in medical research). The other is now 90 and aside from congestive heart failure, he’s active and a retired successful pharmacist and business man.
Both of them in the last 2 years have had scammers try them. In the latter’s case, the scammers imitated his bank so closely that even the bank was confused by it and a significant sum of money moved! And it wasn’t a little small town bank, it was one of our ‘Big 4’ who should bloody know better. It took his son, a corporate lawyer, had to throw his weight around and get to the bottom of the security breach and not treat him like a silly old coot who clicked the wrong link.
The former happened to be sick with Covid, and the scammers posing as the bank *almost* had him. He came to his senses when they asked for his password, and my mother happened to call my grandmother and overheard the other phone conversation. She got my Dad straight onto it and it got shut down before money moved anywhere. They had gotten as far as downloading screen takeover software. It was highly embarrassing for both of them, and it was hard for them to not only work out what happened but also to accept help getting it sorted.
We’re all human and those scammers are bloody good. The psychology is fascinating too. We all want to think ‘we’re too smart to fall for that..’ and yet I’ll bet you know at least one person who has and will never speak of it because it is so humiliating. That same shame is what keeps you getting scammed too, and the scammers know that too. It’s now becoming common for the same scammers to approach their own victims a couple of months later and offer ‘cash recovery services’ and ‘security checks and upgrades’ in Australia.
These scams are getting increasingly sophisticated too - think things like the "CEO" jumping on a call to confirm the "request" is really coming from him, but it's really just an AI voice clone
I don't have enough information to know if Carnitas was egregiously behind in their IT sec training and financial processes, or just "normal" behind
I'm calling steamed hams on this: a fake-CEO scam of this magnitude, over such a long period of time (6 months), utilizing what must have been hundreds of individual transactions?
Fake CEO scams are no joke -- there are instances I've seen where the scammers use AI to impersonate the voice or even video call feed of the CEO. But over six months and hundreds of transfers (less than 500k) the employee never brought it up with the president? Or anyone? A fake CEO scam is usually a one-and-done because it does rely on the scammer creating a sense of urgency: it's got to be pulled off in hours, not days. Unless the scam happened once and the fake president somehow managed to convince the employee to hand over bank passwords or something.
I would not be surprised if the subsequent transfers were forced out of the employee under the threat of blackmail or much more outright coercive than the initial hit. Especially if they need their job and we’re threatened with losing it. The good ones groom their victims for weeks and months. Never underestimate the intense shame scam victims feel after realising they’ve been had and the impact that shame has on them coming forward to face the consequences. It’s easy for us to sit here from a long distance and pass judgement, but we don’t have all the facts and the investigation is just beginning.
Yes, I had a heartrending email appeal a few weeks ago asking me to buy a gift card for a little girl who is being treated for cancer. The old tricks are always the best. Though in this case, if the transfers were spread over many weeks, one has to ask how frequently Caritas staff checked their bank account.
Well, I take comfort in knowing that the latest Catholic Church financial scandal is something that sophisticated private sector corporate CEOs have been falling for.
Now, for how much longer are we going to leave pastors who might be a gem in the confessional but total idiots in finance and fraud protection in singular charge over parish finances?
This sounds very similar to the "pastor urgently needs gift cards" scam that makes its way through our parish once or twice every year. I don't think anyone has been caught by it in a number of years but I feel for those who've lost money to it elsewhere.
It sounds silly but there really should be an annual announcement at Mass and in the bulletin reminding especially vulnerable folks how to avoid these things. And given the news lately, maybe an annual fraud-detection training for parish staff and volunteers!
Indeed, it's a variant of that, and I had the same thought: I wonder how many gift cards the scammed employee has bought for her pastor via email/SMS requests.
Just because of my work, I've gotten years of annual social engineering attack awareness training and I still get my "react NOW" button pressed occasionally so I can understand how someone not taught to look for those red flags could be taken in. But over 120 times?? Those fraudsters are now the Nigerian prince of scam artists.
Hi Bill N. This is Fr. <LastName> and I think that was a very good comment. I am in a meeting and I need you to buy me $500 in Apple gift cards. Could you buy them and send text me the number on the back? I will pay you back.
--
I usually have fun and ask if I can get a full indulgence for it. Without hesitation the answer is yes. I'm just not sure how people can be better informed of the various fraud methodologies out there and how to spot them. Clearly, the message isn't being received by far too many.
I've taken to stringing these guys along for a couple of hours... I emphasize my eagerness to help but ask clarifying questions. Last year, once I felt I had strung the fraudster along long enough, I got an image of an Amazon gift card barcode from google, replaced the bar code with the phrase: "How do you sleep at night?" and sent it to the scammer.
Some of them aren’t doing it willingly. Myanmar is a hot bed of scammer farms and use human trafficking and slavery conditions (complete with electronic monitoring, shock collars, beatings for not meeting KPIs, withholding documents, and demanding debt repayment with pittance pay). Its highly networked with organised crime and corrupt governments.
Unfortunately, when it comes to scams, if you do something 12 hours a day, 360 days a year, for several years you get pretty good at it. Particularly, when they are able to hone in on a likely candidate.
I'm sorry, but I simply do not understand how employees tasked with managing such large amounts of money can repeatedly be this stupid. Are they hiring poorly trained people because they are needy, or because they are buddies of the boss, or what?
Thank you
Maybe a little grace can be extended here. Both my grandfathers who are highly intelligent and accomplished men who are lively and of sound mind (one was still doing colonoscopies at 85 until a year ago and still is active in medical research). The other is now 90 and aside from congestive heart failure, he’s active and a retired successful pharmacist and business man.
Both of them in the last 2 years have had scammers try them. In the latter’s case, the scammers imitated his bank so closely that even the bank was confused by it and a significant sum of money moved! And it wasn’t a little small town bank, it was one of our ‘Big 4’ who should bloody know better. It took his son, a corporate lawyer, had to throw his weight around and get to the bottom of the security breach and not treat him like a silly old coot who clicked the wrong link.
The former happened to be sick with Covid, and the scammers posing as the bank *almost* had him. He came to his senses when they asked for his password, and my mother happened to call my grandmother and overheard the other phone conversation. She got my Dad straight onto it and it got shut down before money moved anywhere. They had gotten as far as downloading screen takeover software. It was highly embarrassing for both of them, and it was hard for them to not only work out what happened but also to accept help getting it sorted.
We’re all human and those scammers are bloody good. The psychology is fascinating too. We all want to think ‘we’re too smart to fall for that..’ and yet I’ll bet you know at least one person who has and will never speak of it because it is so humiliating. That same shame is what keeps you getting scammed too, and the scammers know that too. It’s now becoming common for the same scammers to approach their own victims a couple of months later and offer ‘cash recovery services’ and ‘security checks and upgrades’ in Australia.
These scams are getting increasingly sophisticated too - think things like the "CEO" jumping on a call to confirm the "request" is really coming from him, but it's really just an AI voice clone
I don't have enough information to know if Carnitas was egregiously behind in their IT sec training and financial processes, or just "normal" behind
I'm calling steamed hams on this: a fake-CEO scam of this magnitude, over such a long period of time (6 months), utilizing what must have been hundreds of individual transactions?
Fake CEO scams are no joke -- there are instances I've seen where the scammers use AI to impersonate the voice or even video call feed of the CEO. But over six months and hundreds of transfers (less than 500k) the employee never brought it up with the president? Or anyone? A fake CEO scam is usually a one-and-done because it does rely on the scammer creating a sense of urgency: it's got to be pulled off in hours, not days. Unless the scam happened once and the fake president somehow managed to convince the employee to hand over bank passwords or something.
I would not be surprised if the subsequent transfers were forced out of the employee under the threat of blackmail or much more outright coercive than the initial hit. Especially if they need their job and we’re threatened with losing it. The good ones groom their victims for weeks and months. Never underestimate the intense shame scam victims feel after realising they’ve been had and the impact that shame has on them coming forward to face the consequences. It’s easy for us to sit here from a long distance and pass judgement, but we don’t have all the facts and the investigation is just beginning.
Yes, I had a heartrending email appeal a few weeks ago asking me to buy a gift card for a little girl who is being treated for cancer. The old tricks are always the best. Though in this case, if the transfers were spread over many weeks, one has to ask how frequently Caritas staff checked their bank account.
Well, I take comfort in knowing that the latest Catholic Church financial scandal is something that sophisticated private sector corporate CEOs have been falling for.
Now, for how much longer are we going to leave pastors who might be a gem in the confessional but total idiots in finance and fraud protection in singular charge over parish finances?