Cybercrime is one of those techie buzzwords that sounds complicated and futuristic, leading many to underestimate its real threat.
According to a 2020 study, 40% of churches believe they’re too small to be targeted by cybercriminals, but nearly 43% of all cyberattacks in North America target ministries and nonprofits.
Most of these security incidents are attributed to phishing, a technique for acquiring sensitive information through fake emails that pretend to come from a legitimate person or company.
Phishing scammers have gotten smarter over the years. They use the names of people you know and companies you interact with to trick you into giving up information or opening malware.
When you work in ministry, accidentally falling for a phishing scam impacts more than just you. You can access congregants’ addresses, phone numbers, email addresses, birth dates, and even banking details. And they are trusting you to keep their information safe.
We get it. You don’t want to put your members or your church at risk, but you don’t want to add significant effort just to check your inbox.
The good news is that there are three easy things that even your least tech-savvy staff member can do to identify phishing emails and protect your ministry.
These steps apply to both your personal and your professional email accounts. If you use the same device to log into both, then any information on that device is at risk.
Step #1: Watch Out for Unnecessary Urgency or Unexpected Messages
Many phishing messages will urge you to take action immediately or make you feel as if something negative will happen if you don’t follow the email’s instructions. They’ll look like they’re coming from a legitimate company and may tell you:
- There’s been suspicious activity on one of your accounts.
- To update personal or payment information.
- You need to verify your information.
- You’re eligible for a refund or discount, but you must register first.
- To click a link to pay an invoice.
Real companies will direct you to log into your account, but won’t ask you to click a link to update your information. You’ll also receive multiple notices for any out-of-date info and pending invoices.
You will very rarely receive a message that requires such urgency, and any authentic concerns can be independently verified outside of that one message.
Alternatively, you may receive a message, supposedly from someone you know, asking for information. Some will tell you:
- To click on a link to see a video.
- To send them sensitive information.
- They need money and ask you to help.
Any unexpected messages, even from someone you know, should be viewed cautiously.
Step #2: Look for Mismatched Information, Bad Grammar, or Generic Messages
Phishing emails often have other warning signs in addition to their content.
These scams often contain:
- Bad grammar.
- Missing punctuation.
- Generic greetings.
- Misspelled words.
It’s also common to see fake emails that claim to be from one person or company but have a different email address.
For example, a phishing email claiming to be from ACS Technologies might come from a domain like @gmail.com or @yahoo.com rather than @acst.com. Subtly replacing letters with numbers or similar-looking letters in email addresses is also a clear signal that the message isn’t what it seems.
While it’s not impossible for a legitimate email to contain misspellings or grammatical errors, any communications that include mistakes should always be verified (see Step #3), especially if the content seems suspicious or the email address raises concerns.
Step #3: Verify the Sender
If you receive a suspicious email, even one claiming to be from someone you know, verify the validity of the message before responding or clicking on anything.
Messages from companies can be easily validated. Instead of using the information in the email, open a new tab and search for their website, log into your account, or call the phone number you find through the search engine.
For emails claiming to be from someone you know, check the contact information you have saved for that person or reach out to them using another method.
It is always better to take a few minutes to check a message’s validity rather than spend significant time fixing things if you find yourself the victim of a phishing scam.
There’s no harm in opening a fake email. The damage comes from responding or clicking on the links, so always double-check anything suspicious before taking action.
Protecting Your Ministry
You’ve been entrusted with protecting your congregation from those who seek to destroy. Part of that charge is to ensure that their personal information is safe.
Learning how to identify phishing scams will go a long way in keeping your ministry safe. If something seems off, it is always better to verify the message.
It may seem unnecessary to examine your emails critically, but just one fake message can harm you, your congregation, and your church.
And it only takes three easy steps to protect your ministry from phishing.
ACS Technologies