Beware: A Phishing Scam that Almost Got Me

Jason Broadwater (president of RevenFlo) has been invited to speak at the Cathedral Church of St. Paul the Apostle (St. Paul’s Cathedral) in London, England… Or so I thought.

I was approached by email by someone impersonating the Very Reverend Dr. David Ison, current dean of St. Paul’s Cathedral in London. He asked me if I would come and provide the keynote at the annual church conference in September. This was very exciting but wasn’t completely far fetched, as I receive a handful of speaking inquiries each month and many of them are at impressive places / events. Though I was particularly excited about this one, and that’s exactly what blinded me to the obvious red flags about the whole situation.

St. Paul’s Cathedral is iconic. It has helped define the landscape of modern day London for over 350 years and remains a main landmark in the city. St. Paul’s Church has resided in the same location since 604 AD – one of the oldest churches in London. It’s the church of the people(by contrast, Westminster Abbey belongs to the Queen and the Royal Family). So, the church has often been the staging ground for social statements and commentary, ranging from the funerals of the famous Lord Nelson and Prime Minister Margaret Thatcher, to the iconic wedding of Prince Charles and Lady Diana, to the London headquarters of the Occupy movement in 2011. The church has always stood as an icon of the people.

St. Paul’s is exactly the kind of place where I would love to speak. And that’s what made me vulnerable. The scammers did their research obviously. They targeted me as a keynote speaker to offer me a gig with which I would be enamored (even dizzied slightly with excitement), but they knew that it wasn’t completely far-fetched for me to believe it either, as that’s what I do professionally, and I get offered surprising opportunities a good bit.

After the fake Reverend made contact with me, and while I was excitedly sharing the news with my wife, the Dr. then handed me off to an event planner who sent me details and wanted to work through fees, logistics, travel, etc. We spent several emails back and forth negotiating and arranging these things. The whole thing seemed very real and normal except for a few oddities that I was eager to overlook.

One thing that was identified was that I did not have a work permit for England and needed one. They said time was short so we needed to act fast on that part. So, they introduced a third person who supposedly worked at the UK Border Agency. This person was going to help me with a process of getting my appropriate papers. All she needed was my passport information. Then there was going to be a fee that she could pay on my behalf. But first, I needed to hurry and get them my passport information.

Well… this is about 7 emails in, and I was bought in for sure. I was looking at tourist destinations and hotels online and making plans to go to London for a week with my family – it consumed my whole day. Then, right before I sent my passport information, it suddenly dawned on me that this may be a scam. Thank goodness it did. I then looked back over the emails and the contracts they had sent and everything was weird… obviously weird. I should have seen this the whole time, but I was just wanting it to be true, I guess. Someone who had no desire to give keynotes in fascinating places would have seen the whole thing as weird from the start. But they hit me in a blind spot.

Here’s what all should have been a red flag:

• The first email came from the highest person in the organization, the Very Reverend Dr. David Ison himself. This was strange.
• The English in the email was stilted and a bit rambling. This should have been an immediate red flag but I justified it with a notion of eccentricity.
• Then I was handed to an Edward Smith (event coordinator). His English was also a bit stilted or off somehow. And I thought, well, maybe he wasn’t a native English speaker (c’mon! Edward Smith! I was blinded.)
• Then I was introduced to a UK Border Agent whose English was the same way. It was good, but off just a little to be noticeable. I’m now thinking it was all the same person.
• None of the emails were from the Church’s actual domain. None of them were [email protected] – They were from: [email protected]; [email protected]; and [email protected].
• They were trying to hurry me, everything was about getting this all done asap.

These are all big red flags that I should have seen, but I was blinded by my excitement. That’s how they do it. They just tell you what you want to hear and then keep you distracted with a bunch of logistics that are all bogus so that it makes perfect sense and seems secondary when they ask you for personal information. It’s like slight of hand. They have you watching the wrong thing.

Luckily, I did not send them any personal information. But man I was close. I hope this story helps others steer clear of being scammed. And maybe even makes it harder for scammers to get away with it. Be careful out there!