A church accountant from Wisconsin opened his email inbox to find a request from his pastor, asking him to send money via wire transfer. The email looked legitimate, but he sensed that something was amiss.
“I thought the email was a little strange, but it definitely looked like it came from our senior pastor,” the accountant said. “I emailed back with a few questions and things just didn’t add up.” When asked directly, the pastor confirmed that he hadn’t sent the request.
As it turned out, the email was part of a phishing scam. In these increasingly common schemes, thieves send emails that appear to be authentic, trying to trick recipients into giving away money or sensitive data like bank account numbers or employee W-2 forms.
“Phishing emails can be difficult to spot, even for tech-savvy people,” says Ryan Tufo, technology support lead at Brotherhood Mutual. Tufo notes that these scams take advantage of potential victims’ grace. “When someone requests help, the natural response is to help them,” he says. “Many of these scammers try to use your helpfulness against you.”
Phishing schemes and data breaches can have serious consequences. In addition to investigations that can cost tens of thousands of dollars, losses often extend beyond money. A breach could also result in identity theft, legal issues, and a tarnished reputation.
Here are a few telltale signs that an email may warrant extra scrutiny:
Similar scams can be delivered by phone. Using a technique known as “pretext calling,” thieves pretend to be someone else in an effort to obtain personal information. For example, someone may call claiming to work for a trusted vendor, using details from the church website to convince a church employee that the caller is authentic. After establishing trust, the caller may ask for sensitive information such as a church membership log with addresses, birth dates, and other data. If you suspect a call is part of a scam, avoid giving information and contact the organization using contact information you know is legitimate.
When your ministry has computer questions, who can you call for help? A trusted go-to person can be very valuable, whether the person is a paid staff member, an outside vendor, or a volunteer with a background in information technology.
When hiring or appointing technology consultants, consider:
Follow the ministry’s standard background screening process when appointing a technology consultant or team. A good screening process includes a written application, a background check, a reference check, and a personal interview. If hiring a third-party technology vendor, look for a company with a good reputation and screening procedures that are similar to the ones your ministry uses.
If multiple church members report credit card fraud or ministry computers start behaving strangely, it may be time to look into a possible data breach. An organized response plan can help your ministry respond quickly and in a structured way, limiting data losses and smoothing the recovery process. Major points to address in a response plan include:
Have an attorney review your data breach response plan before putting it into practice. This helps ensure that the plan fulfills the laws that apply to your ministry.
“Data breach response plans are common in the business world,” says Aaron Smith, information security program architect at Brotherhood Mutual. “A good plan improves the organization’s ability to respond when a breach occurs.”
By adding strong security measures and training workers to avoid phishing hooks, your ministry can increase the likelihood of avoiding a data breach.