We’ve recently had a number of complaints of what seemed to be spam emails from various district or lodge leaders. These emails would typically seem as if they were coming from a lodge leader and would ask for money, a gift card, etc.
This is referred to as spear phishing. You likely have heard of phishing, which is when a bad actor sends an email asking you to do something (e.g. send gift cards or give out your password). Spear phishing is a more sophisticated type of phishing, which we experienced here, when the bad actor makes the email look more legitimate by using a familiar name and title, and by sending it to people likely to relate (in this case, lodge members).
One of the easiest ways to identify an email as a phishing attempt (which applied here) is that the sender’s name and email address do not match. Another big giveaway is that they often come from out of the country and the emails contain broken English.
One reason we are susceptible to these types of phishing attempts is that the contact info for our district and lodge leaders is publicly available on our website. We have decided to temporarily disable this feature as we consider better alternatives. As of today, the Lodge Directory on the public website has been temporarily removed, and the page now redirects to a zip code finder for people looking for a lodge in their area.
We will continue to actively monitor this situation and take necessary steps to safeguard your data, while helping our members find the information they need. Please feel to reach out to David Crabb with any further questions or concerns.