In today’s society, it is likely that many people in the Jewish community interact with various forms of digital media throughout the day. While digital technology has countless benefits and provides more opportunities to communicate with their community, family and friends, the use of digital mediums also represents crimes of opportunities for criminals. Websites, social networks, e-mail accounts, and even e-commerce present a new avenue for fraudsters to perpetrate crimes in the online world. As is the case with other disruptive crimes, religious institutions are typically preferred targets because of potential vulnerabilities in their IT infrastructure as well as the symbolism for which their community represents. Synagogues need to diligently prepare themselves for any potential extremist cyber-related crime activity.
To assist with preparation, law enforcement has noted some of the more prevalent cyber-related crimes we are seeing on a regular basis:
With Jewish websites becoming common targets for hacker groups, institutions need to be vigilant about their security procedures to ensure their websites are not hacked. To increase your website and visitor’s protection, we encourage following the below tips:
- Contact your institution’s Internet Service Provider (ISP) and/or website hosting company to discuss what measures are in place to protect your website and its content and what steps should be taken in case of an incident.
- Have a current back-up version of the relevant website and establish a periodic policy of taking snapshot backups (perhaps on a weekly basis – in no case should the period be longer than a month).
- Modify institutional website content to remove any personal information (personal e-mail, Facebook pages, Twitter handles, home addresses and phone numbers) wherever possible.
One of the most common ways in which religious institutions are targeted for cyber crimes is through phishing e-mails, which can come in many forms, from a banking company, credit card company, utility company or an online service, just to name a few. No credible company will ever send an email asking for/or to confirm account, password of social security numbers. Any request along those lines should be considered an immediate red flag.
While most of these phishing e-mails will end up in your SPAM folder or JUNK folder, some may not be caught by e-mail services. It is important to remind institutional staff and key members to be wary of attachments to e-mails coming from unfamiliar sources. Some e-mails will even contain images, which were taken from the actual company to make the e-mail look legitimate. They may even be sent from an e-mail address which appears to be from the company. However, the website link is what makes most of these e-mails different. When you click on these links, you likely will be directed to a website that will either look like the company’s website and asks for your log-in credentials or a website that will install malware on your computer, thus compromising your computer. Below are a couple of ways to protect yourself and your synagogue from a phishing e-mail:
- If you receive one of these e-mails, claiming that there is something wrong with an account, contact the institution at the number on a bill or the back of a card. If it is an online service such as eBay or PayPal, log into your account and check the status. Most companies request you forward the email to their security teams.
- Make sure your computer is up-to-date with anti-virus programs and malware programs.
- Hover your mouse cursor over the website link in the e-mail and check the address that the link is going to take you to.
Online Account and E-Mail Account Hacking
Social networking pages and e-mail accounts are also vulnerable and should be monitored regularly. We have seen cases in which these pages and accounts are hacked and individuals attempt to use account information for banking compromises and solicitation of funds from contact lists. Ensuring that your password for any e-mail or online service includes a mix of letters and character and is not a typical dictionary word or basic phrase will offer significantly greater protection. It is also recommended that individuals use different passwords for their accounts. For added consideration, there are password managers that will allow you to store passwords safely and securely on a mobile device. Users should always consider using multiple email accounts – one for each separate type of activity; forums, shopping, family email, official business.
If your account is compromised and you regain control over the account, change the password immediately and check that there is no “e-mail forwarding” turned on in the settings. Another recommendation is to use multiple authentications on some services, which allows you to access your account only after you receive a SMS message to your phone with a code you need to enter on an e-mail or social media website.
Online Apartment Rental Scams
Rental scams, which involve the posting of a property allegedly for rent on various websites, are unfortunately also a common scam. This property may or may not even exist in the real world. The fraudster will often take pictures of a property from various real estate websites and claim to be the owner. Individuals who inquire about the property are often only in an e-mail conversation with the person “renting” the property. The “property owner” will often state that they are out of the area and request that the rent/security deposit are wired or sent to them, and they will send a key overnight. How can you protect yourself from this? Please have your synagogue be aware of the following:
- Visit the property you or your members are looking to rent. Make sure that the property is actually for rent.
- Check with the property management company and inquire about the unit for rent.
- Rent property through a management company with a physical address.
Secret Shopper Scams
Lastly, the “secret shopper” scam is an important crime to be aware of as it is perpetrated by criminals attempting to obtain funds and goods by using innocent victims as a pawn in their game. There are a couple of ways that you or someone in your synagogue can become part of the secret shopper scam. You apply to be a secret shopper based on a solicitation you see online and are told to pick up a money transfer at a particular location. You are then instructed to take those funds and wire the majority of the funds to another party, and then evaluate the service of the transfer location. Secret Shoppers scams can also be sent physical checks and are asked to cash the checks and wire a majority of the funds to another party. This check will often be returned as a counterfeit check.
For more information on cyber crimes and to protect yourself and your institution, please see ADL's Consideration for Digital and Online Security at Jewish Institutions.