Warning: Scam Email/Text Attack on NCPC members & friends

We wish to inform our community that on February 22, 2022, we identified scammers waging a fraud campaign targeting members and friends of NCPC. Again on October 4, 2022, another attempt scamming attempt launched targeting our members and friends. 


Through a sophisticated phishing email, they successfully influenced a church member to send them a PDF copy of our membership directory. Since then, they have engaged in a comprehensive and sustained campaign of fraudulent emails and text messages. Most of these claim to be from Pastor Kurt, initially seeking a conversation with a follow-up request to provide gift cards. However, some phishing emails are being perpetrated in the name of fellow members of the church. It began with emails and has developed into phone text messages as well.  

In the sections that follow you will find helpful resources to guide you through this: 

  • Suggestions for what to do if you have been contacted and/or surrendered information
  • Helpful tips for reporting fraud to the authorities and protecting your information and identity
  • A running list of alerts sent through our email alert system.  If you have not received these emails, it means you are not signed up for church communications.  To sign up, click here and follow the links to sign up for the weekly Connections email.


Please be advised of these facts, and share them with your fellow church members: 

  • GIFT CARD REQUESTS: Pastor Kurt will NEVER contact you to buy gift cards for any reason, no matter how sympathetic the cause.  Response to any legitimate need will follow proper procedures, and these do not involve asking members to purchase gift cards.
  • PASTOR KURT EMAILS: Pastor Kurt's email account remains secure.  For all incoming emails, read the "From" line.  If it is coming from Pastor Kurt, it will originate from "kurt@northcreekpres.org."  Any misspelling of this address or different address should be considered fraudulent.
  • PASTOR KURT TEXTS: Pastor Kurt does not openly share his cell phone number or use it as a primary device in his ministry, preferring to reserve it for pastoral emergencies.  That being said, all of Pastor Kurt's phone number area codes are local to Mill Creek.  Any alternate area code reveals a fraudulent text.
  • CHURCH DATA & EMAIL IS SECURE: All information security systems at the church are currently secure.  It's important to note that the information scammers have is not from hacking our security, but from "phishing" our membership for information.  To keep our system secure, DO NOT under any circumstance send login access information to someone else, even if you think you know who you're talking to.  Direct them to the proper authority within the church who distributes access.

Official Guidance Q & A

What do I do if I receive an EMAIL purporting to be from Pastor Kurt, requesting a favor or asking me to purchase gift cards?

DO NOT REPLY!  Forward the email to Michael Mallant, our IT Manager at it_support@northcreekpres.org, then delete it.  DO spread the word among your network of friends in the church, especially those you think might be most vulnerable to this kind of fraud.


What do I do if I receive a TEXT MESSAGE purporting to be from Pastor Kurt, requesting a favor or asking me to purchase gift cards?

DO NOT REPLY!  Report it in an email to Michael Mallant, our IT Manager at it_support@northcreekpres.org, sharing the phone number sending the text.  If you know how to take a screen shot, attach this to the email.  Block sender.  Report it to the FTC (https://reportfraud.ftc.gov/#/).  Delete the text.  DO spread the word among your network of friends in the church, especially those you think might be most vulnerable to this kind of fraud.


What information do the scammers have in their possession?

The scammers have a copy of our church directory, which includes names, addresses, emails, and phone numbers.  It is possible that they may have obtained more personal information by "phishing" for it from members.  This began when scammers initiated a phishing campaign that was successful in obtaining a digital copy of our church directory. 


What makes this threat different from others we've seen in the past?

Scammers are currently engaged in a sustained and systematic attempt to obtain gift cards and personal information by contacting NCPC members and friends under the guise of Pastor Kurt and other church members.  The number of people contacted - currently in the hundreds - far exceeds any previous threat we have faced.

Reporting Fraud and Protecting Information & Identity

Click Here to read the official report of the incident to the members of North Creek Presbyterian Church


What resources can I access to help me deal with this threat and protect my identity and security?

Running Account of Official Fraud-Warning Emails

February 26, 2022

North Creek Presbyterian Church has identified a cybersecurity threat.

You may have received a fraudulent text message.

Date First Reported: 02/26/2022

Threat: Request for a favor and/or to purchase gift cards for women going through cancer. These texts are purported to be from Pastor Kurt. THEY ARE NOT.

Originating Source:  Multiple telephone numbers, most with non-local area codes. These are NOT Pastor Kurt's cell phone number. 

Action: Do not reply to text. Block the number. Report it to the FTC (https://reportfraud.ftc.gov/#/). Report it to it_support@northcreekpres.org (attach screen shot), then delete.

If you have fallen victim to this threat or require additional assistance, please contact Michael Mallant at it_support@northcreekpres.org


February 24, 2022

North Creek Presbyterian Church has identified a cybersecurity threat. You may have received a fraudulent email or text.

Date First Reported: 02/24/2022

Subject: North Creek

Threat: Request for a favor and to email as soon as you get the message.

Originating Source: from reneehoke.uccftw@gmail.com or anna.uccaustinn@gmail.com- This is NOT an official North Creek email address. 

Action: Do not reply to email. Forward the fraudulent email to it_support@northcreekpres.org then delete.

If you have fallen victim to this threat or require additional assistance, please contact Michael Mallant at it_support@northcreekpres.org


February 23, 2022

North Creek Presbyterian Church has identified a cybersecurity threat. You may have received a fraudulent email or text.

Date First Reported: 02/23/2022

Threat: Email falsely states that Kurt is requesting that someone buy an eBay gift card for some women going through cancer.

Originating Source: from kurt.northcreekprres@gmail.com This is NOT an official North Creek email address and is NOT originating from Kurt’s official NCPC email address.

Action: Do not reply to email. Forward the fraudulent email to it_support@northcreekpres.org then delete.

If you have fallen victim to this threat or require additional assistance, please contact Michael Mallant at it_support@northcreekpres.org


February 23, 2022

Memo

To: NCPC members and friends

From: Pastor Kurt Helmcke


Good morning to you all. I'm writing this personal note in response to a series of scam email attacks on members of our congregation. Our IT manager Michael Mallant has assessed the threat level as HIGH. In fact, some of you may suspect that this email may not actually be from me. That level of suspicion is warranted at this time.


We have reason to believe that our member directory information may have been compromised. That means you may begin receiving scam emails from fellow NCPC members, and that will be harder for us to track. Be assured that all of our internal and cloud-based information systems are fully secure (database, giving, etc.).


For the time being, please follow these measures:

  1. Suspect that all NCPC-related emails MAY be fraudulent.
  2. Report all suspected emails IMMEDIATELY to Michael Mallant at the IT email listed below.
  3. Follow up suspicions by contacting people by phone. If a fellow member appears to be seeking information from you, please confirm it is them before offering information.
  4. At this time we ask all NCPC members and friends NOT to ask anyone for information via email. Please contact fellow members by phone with requests.
  5. The online church directory has been taken down temporarily. If you need contact information, please call the church office from 10am-1pm, Monday - Thursday.
  6. Printed directories are available in the church office. Please understand that you may be asked to provide photo identification if the volunteer in the office is new or does not recognize you.

Even in the midst of this challenge, God is with us. May the grace of the Lord Jesus Christ, the love of God, and the fellowship of the Holy Spirit be with you day by day.

Blessings in Christ,

Pastor Kurt


February 23, 2022

North Creek Presbyterian Church has identified a cybersecurity threat. You may have received a fraudulent email or text.

Date First Reported: 02/23/2022

Threat: Threat: Email states that Kurt is needing a favor, and to email him as soon as you get this message.

Originating Source: from usctylerda@gmail.com or harveyportlandavenue@gmail.com - These are NOT an official North Creek email address and is NOT originating from Kurt’s official NCPC email address. There is evidence of multiple originating sources:

Action: Do not reply to email. Forward the fraudulent email to it_support@northcreekpres.org then delete.

If you have fallen victim to this threat or require additional assistance, please contact Michael Mallant at it_support@northcreekpres.org


February 22, 2022

North Creek Presbyterian Church has identified a potential cybersecurity threat. You may have received a fraudulent email or text.

Date First Reported: 02/22/2022

Threat: Threat: Request for password to access members directory posted on the church website.

Originating Source: from Cherri.atoneluth.org@gmail.com - This is NOT an official North Creek email address. A text from 724-281-3617 may have also been used to contact members via text.

Action: Do not reply to email. Forward the fraudulent email to it_support@northcreekpres.org then delete.

If you have fallen victim to this threat or require additional assistance, please contact Michael Mallant at it_support@northcreekpres.org