Why should a church care about email phishing?
That’s a reasonable question to ask. Generally speaking, when most people think about cyber attacks, phishing threats, and the like, they think about healthcare, professional services, and small to medium-size businesses. But not churches. Furthermore, many churches take a casual attitude regarding cybersecurity—sometimes thinking that they are immune to such attacks.
What is email phishing?
Email phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
Since March, it is estimated that email phishing attacks have gone up by 600%. Phishing attempts have also become considerably more nuanced and disturbing.
Here are three examples:
- Phishing emails mimicking health officials are communicating that you have been in contact with someone who has tested positive for COVID. They urgently request that you click the provided link to know what next steps you should take.
- A pastor had his email taken over by a hacker who gained access through a previous breach. The hacker then sent emails to the people in his congregation requesting gift cards and money because he needed support.
- Phishing emails tell recipients that their voter registration applications are incomplete, but the emails are actually designed to steal their Social Security numbers, license data, and more.
The effects of a successful phishing attack can leave a church utterly devastated.
Churches in the 21st century must have robust cybersecurity defenses.
Below are three reasons why a hacker would want to target a church.
- Training. Most staff haven’t been trained on how to spot phishing emails. In many corporate environments, most employees must go through a one-time mandatory training on email phishing basics. That type of training isn’t standard in a church setting.
- Money. Although churches aren’t dealing with revenue like a typical for-profit business, all churches have tithes that they are responsible for. Hackers are looking for ways to exploit organizations to gain access to money.
- Information. Churches generally house a lot of personal information on their members: names, addresses, hobbies, email addresses, phone numbers, children’s names, and more. All of this is precious information for a hacker to get.
At TacticalPhish, our desire isn’t to use fear tactics. However, we do believe in communicating the reality of the situation. As a church, you have a clear mission. Don’t let a socially engineered phishing email ruin that mission. We are passionate about serving you and your mission.