Updated February 2024

The Diocese of Metuchen has issued a warning about an increase in scams involving the impersonation of clergy in the Diocese of Metuchen. As a reminder, emails from Fr. Hank will come from fhilton@loyola.edu OR fatherhank@sjmillstone.com.

Urgent: We have received reports of parishioners receiving an email and/or text from Fr. Hank requesting the purchase of eBay or gift cards.

This is a scam. Please do not respond to this email and do not purchase any gift cards or offer any assistance.  

  • The email is coming from a FAKE address:

    • Fr. Hank Hilton <revfather.parish257@ gmail.com>

    • Content of message:

      Greetings

      Let me know if you are on desk ? I want you to help me out with an order .

      Love And Light

  • Do not respond. Please report any incidents of this to me at bobf@sjmillstone.com.
    Emails from Fr. Hank will come either from his Loyola.edu address or our St. Joseph’s domains (SJMillstone.com or StJosephsParish.com): fhilton@loyola.edu, fatherhank@sjmillstone.com or fatherhank@stjosephsparish.com. If this should ever change, the parish will be notified.

Posted on Tuesday, Sept 14, 2021

Urgent: We have received reports of parishioners receiving an email and/or text from Fr. Hank.

This is a scam. Please do not respond to this email and do not purchase any gift cards or offer any assistance.  

  • The email is coming from a FAKE address:

    • revfather.parish257@ gmail.com

    • frhankhilton@ gmail.com

    • catholicpriest66@ gmail.com or

    • fhilton.stjosephsparish@ gmail.com or

    • fr.hilton.loyola@ gmail.com or

    • fr.hankhilton.stjosephsparish@ gmail.com or

    • priest.catholic001@ gmail.com

    There is a screenshot of the email below.


Do not respond. Please report any incidents of this to me at bobf@stjosephsparish.com.
Emails from Fr. Hank will come either from his Loyola.edu address or our St. Joseph’s domains (SJMillstone.com or StJosephsParish.com): fhilton@loyola.edu, fatherhank@sjmillstone.com or fatherhank@stjosephsparish.com. If this should ever change, the parish will be notified.

Thank you.

SAMPLE SCAM/PHISHING MESSAGE (Do not respond to messages similar to this):

Sample Phishing Email


Hello Sue , Are you less busy at the moment?I got a request for you to manage confidentially. I will be into a meeting in few minutes, no calls so kindly respond via email.

Fr Hank Hilton

OR

Hi [you name], how are you doing?
I need a favor from you, email me as soon as you get this message,  I'm in a conference meeting right now and only have access to mail that’s why i'm contacting you through here. I should have call you instead of mailing you but phones calls are not allowed to be use during the short hours i'll be using here.  

God Bless,Fr. Hank Hilton S.J 

OR

Hi, how are you doing?
I need a favor from you, email me as soon as you get this message.
God Bless
Fr. Hank Hilton

SCAM EMAIL


Email Impersonation Scams on the Rise
(This content is provided by the Diocese of Metuchen)

Email is the primary form of communication for everyone here in our Diocese. Email provides users a quick and reliable way to effectively communicate with our clergy, staff, parishioners, friends, and family. Though email communication is essential in a digital world, it can also be dangerous. Cybercriminals are taking advantage of email-based communication by creating and delivering impersonation-based scams to our diocesan users. The diocesan Office of IT has received reports of email impersonation scams that appear to be sent from clergy and staff. The bad actors are able to achieve seemingly realistic emails through the use of email spoofing.

What is Email Spoofing?

Email spoofing is the forgery of an email so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a popular tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate or familiar source.

 The intention of the attacker is to trick their victims into:

  • Clicking on hyperlinks to take over the victim's computer and/or steal user credentials

  • Opening a file attachment to install ransomware or other malicious code on the victim's computer

  • Making money transfers, or paying fake invoices

  • Purchasing gift cards and transmitting the claim code on the back

A common tactic scammers use is to send emails using the display name of someone within the organization and an external email address. Some users won't notice that the email didn't come from the user with the display name and deal with the email as if it was genuine.

Example: Rev John Doe <ft.john.doe.parish@gmail.com>

Other methods rely on tricking the eye by using a domain name that looks like a trusted source. Purchasing domains that are similar to the ones impersonated is a common strategy that is often used in phishing attacks.

Example: Rev John Doe <father.Joe@ParishNJ.com>

These types of attacks are especially successful when viewed on a mobile device since most phone-based email programs don't allow users to hover over links or to see the full email headers.

Recognizing an Email Impersonation Scam

From: Rev John Doe <ft.john.doe.parish@gmail.com>

Date: Thursday, September 18, 2019 2:35PM

 Subject: You have 1 important pending message

Hello,
You have 1 important pending message from IT Service Desk.
View * <https://www.eterniaquartz.com/wp-content/DIO/login.dio_org.html>
 Thank you,

 To learn how alerts like this one help you to protect your webmail:

  1. Check the "From" address line in the email. If you receive an email from a sender that you may be familiar with, always remember to check the "From" address line to make sure that the email is coming from a legitimate source. If you are viewing the email on a smartphone and are suspicious of where it originated, open the message in an email client on your computer to view the email domain name.

  2. Beware of urgent language. These emails oftentimes come with a sense of urgency. Phishers, in particular, tend to use this, attempting to elicit panic in their victims. A frazzled and fearful victim can be more apt to follow instructions in the email.

  3. Look for generic language. Scam emails often contain generic language and/or greetings that could apply to anyone receiving the message.

  4. Avoid clicking suspicious links or downloading suspicious attachments. Cybercriminals will usually create a spoofed webpage where you will be directed to enter your credentials or bank account information. This particular attack redirected users to a fake login.dio_org webpage.

  5. Be careful of unexpected, out of character emails. When receiving a message, ask yourself if this is normal communication from the sender by confirming that the wording and signature of the message are consistent with other emails from the same sender.

Additionally, learn how to read and understand email headers to view who the message was really sent from. An email header is a block of information about the message that includes the sender, the recipient, the date, sending and receiving time stamps and the servers that handled the transfer of the message. There is more information on understanding email headers at the following website:

https://mediatemple.net/community/products/dv/204643950/understanding-an-email-header (link to outside source)
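
The "From" line check from step 1, applied to the two tactics described above (a trusted display name on an outside address, and a look-alike domain), as an added example that is not part of the diocesan or parish notice. The trusted list is the set of Fr. Hank addresses given on this page; the name tokens, the 0.85 similarity threshold, the function name `check_from` and the misspelled sample domain are assumptions made for the example.

```python
import difflib
from email.utils import parseaddr

# Genuine sender addresses as listed on this page.
TRUSTED_ADDRESSES = {
    "fhilton@loyola.edu",
    "fatherhank@sjmillstone.com",
    "fatherhank@stjosephsparish.com",
}
TRUSTED_DOMAINS = {a.split("@")[1] for a in TRUSTED_ADDRESSES}
# Name fragments that mark a message as claiming to be from Fr. Hank
# (assumption for this example; substring match is deliberately broad).
PROTECTED_TOKENS = ("hank", "hilton")
LOOKALIKE_RATIO = 0.85  # assumed similarity threshold


def check_from(header: str) -> str:
    """Return 'trusted', 'lookalike-domain', 'impersonation' or 'unverified'."""
    display, address = parseaddr(header)
    address = address.lower()
    local, _, domain = address.rpartition("@")
    if address in TRUSTED_ADDRESSES:
        return "trusted"
    # A domain that is close to, but not exactly, a trusted one.
    if domain not in TRUSTED_DOMAINS and any(
        difflib.SequenceMatcher(None, domain, good).ratio() >= LOOKALIKE_RATIO
        for good in TRUSTED_DOMAINS
    ):
        return "lookalike-domain"
    # The clergy name in the display name or mailbox name, but an address
    # that is not on the published list.
    claimed = f"{display} {local}".lower()
    if any(token in claimed for token in PROTECTED_TOKENS):
        return "impersonation"
    return "unverified"


# Constructed From headers; the gmail.com addresses are fake senders quoted
# on this page, and the misspelled domain is made up for the example.
SAMPLES = [
    "fatherhank@sjmillstone.com",
    "Fr. Hank Hilton <revfather.parish257@gmail.com>",
    "fr.hilton.loyola@gmail.com",
    "Fr. Hank Hilton <fatherhank@sjmilllstone.com>",
    "catholicpriest66@gmail.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{check_from(sample):17} {sample}")
```

An "unverified" result is not a pass: the last sample is one of the fake addresses listed on this page and carries no name to match on. A "trusted" result only means the From line matches the published list, and that line can itself be forged, which is why the full headers are worth reading.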

Thank you for your cooperation.

Diocese of Metuchen Help Desk, Office of Information Systems
732-562-1990 x1530 | helpdesk@diometuchen.org