Tips for Using Realm Account Sign Up Requests Safely
Prevent scammers from requesting a Realm account.
If your church opts to set up Realm using Invite + Realm Account Sign Up Requests, anyone can request a Realm account. An admin will regularly need to review these requests in the Overview Dashboard. Each request should be carefully reviewed by church staff.
As you know, the church is a popular playground for scammers. Gaining access to a Realm site, would give a scammer the information and a trusted platform to launch some very successful social engineering scams. A scammer works to be more believable, more legitimate, and poses as someone who wants to “help” their church. Allowing an impostor to have access to your church directory could disrupt your church community.
Is it a Scam or a Legitimate Request?
If your church receives a request for a Realm account via email or through the Realm account request process, how do you know if the person is real? It's not always easy to determine.
Ways to Verify
Bill's email and email address look a little suspicious, but is it possible that he could be visiting your church? It’s not possible to know from that email, but there are a few ways you could handle this:
-
Delete the email and see if he sends another email.
-
This won't necessarily resolve anything.
-
If Bill is actually a phishing email, he may continue to email you. The same would be true for an actual person.
-
- Reply and tell him that he doesn't need an account to give online. Direct him to request an account on your church website.
-
If he does this, your church will still need to determine how to verify if this is a legitimate request or a scam.
-
- Reply and say you're sorry you haven't met him yet.
-
Ask him something about your church that can only be known by visiting - something that isn't posted online.
-
Or you could ask him to meet you at the next service. It would be unlikely that a "phish" would try to meet you in person.
-