Phishing Scams Targeting Pastors: Who’s Next?

A new round of phishing emails struck nationwide this week, with this latest cyberthreat coming from criminals pretending to be pastors. This cyberthreat used low-tech techniques to target unsuspecting membership with a few new twists, like real-time responses from the bad actors.

The phishing is similar to the situation described by the Georgia attorney general in June 2018:

“In one version of the fraud scheme, con artists send out emails purporting to be from the Pastor of the church asking for emergency donations to help someone in need. The email, which uses the Pastor’s name but a phony email address, instructs the recipient to provide the money by purchasing an iTunes gift card and mailing it to a different address. …”

Although the dollar amounts involved may be relatively small compared to million-dollar bank transfers, the potential damage to respected institutions worldwide is huge, when considered in aggregate. I view this as a significant development, since the phishing scam is hitting much “closer to home” for many more organizations, undermining trust on a personal level for those who are tricked.

I personally received one of these phishing emails, and I immediately recognized that it was a fake (more on how I knew later in the article). I contacted this pastor immediately and provided help.

In addition, I initially played along to see what their nefarious plan was. See the box in blue below, which describes what happened in this email exchange from a (fake) pastor:

How Did I Know It Was a Fake?

Besides the fact that this particular pastor does not talk in this way, the wrong email address from the sender was a major clue — but easy to miss for the untrained eye.

Without giving out the exact church email details here, I can share that the bad (Read more...)
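The clue described above, a trusted name shown next to an address that person never uses, can be checked mechanically. This is an added example, not code from the original post; the roster, names, addresses and sample messages are constructed placeholders.

```python
import unicodedata
from email import message_from_string, policy

# Constructed roster (assumption): person name -> addresses that person really sends from.
ROSTER = {"john smith": {"pastor.john@firstchurch.example"}}

# Constructed sample messages, not real mail.
GENUINE = "From: Pastor John Smith <pastor.john@firstchurch.example>\nSubject: Sunday\n\nSee you then.\n"
FAKE = 'From: "Pastor John Smith" <pastorjohnsmith.office@mail.example>\nSubject: Quick favor\n\nAre you free?\n'
ENCODED = "From: =?utf-8?q?Pastor_John_Smith?= <office@freemail.example>\nSubject: Urgent\n\nReply please.\n"
STRANGER = "From: Jane Doe <jane@elsewhere.example>\nSubject: Hello\n\nHi.\n"


def name_tokens(text):
    """Case-fold, apply Unicode compatibility normalization, drop punctuation, split into words."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    cleaned = "".join(c if c.isalnum() else " " for c in folded)
    return set(cleaned.split())


def check_from(raw_message):
    """Return (verdict, detail) for the From header of one raw message."""
    # policy.default decodes RFC 2047 encoded display names before we compare them.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return ("unparseable", "no usable From header")
    sender = header.addresses[0]
    address = sender.addr_spec.lower()
    shown = name_tokens(sender.display_name)
    for person, real_addresses in ROSTER.items():
        # Subset match so added titles ("Pastor", "Rev.") still hit the roster entry.
        if name_tokens(person) <= shown:
            if address in real_addresses:
                return ("ok", person)
            return ("impersonation", f"{person!r} shown, but sent from {address}")
    return ("unknown-sender", address)


if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("fake", FAKE),
                       ("encoded", ENCODED), ("stranger", STRANGER)]:
        print(label, check_from(raw))
```

The check only compares the displayed name with the address; it does not validate SPF, DKIM or DMARC results, which a mail gateway would evaluate separately.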

*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: