Is your church the perfect victim for cybercrime?

By Lindsey Elias, Marketing on October 3, 2022

Cybercriminals think so.

11.5 Trillion Dollars. Yes, you read that right. According to, this is the yearly global cost of cybercrime predicted for 2023—up a whopping 40% from 2022. Why is this number so unfathomably massive? It’s simple. As new technologies emerge and offer new digital capabilities, cybercrime gains new capabilities, too. Despite the severity of this growing threat, however, most organizations do not realize the extent that they are at risk.

Cybercriminals prefer it this way, of course—working from behind-the-scenes and creating issues that their victims often never see coming. Unfortunately, churches and other faith-based organizations are the single largest target of cybercriminals with phishing scams across the nation. It’s time to get these criminals out of the dark and into the spotlight.

During one particularly infamous phishing scam, according to the Georgia Attorney General, cybercriminals sent out emails pretending to be the pastor of a church, and asking for emergency donations from congregation members. The email explained that they had to quickly help a widow in need and used the Pastor’s name, but a fake email address. It instructed recipients to take action by purchasing specific gift cards and mailing them to a provided address. These “impersonation-style” attacks can feel incredibly personal and happen more commonly than many realize. In fact, reported that between January and June 2022, 15% of all phishing attacks were impersonation attempts.

It’s terrifyingly easy for today’s hackers. But there are several things we can do to help outsmart and deter them—starting with some education and clear, church-wide communication. The more that you and your congregation members know about cybercrime, the better. One of the most important things to be aware of when it comes to cybercrime is how to spot red flags.



  • Emails requesting quick or immediate action
  • Emails containing spelling and grammatical errors, or that are written in an unusual tone
  • Emails that ask you to open links or download documents
  • Web addresses, names and email addresses that are misspelled— (they can be off by just one letter)
  • Misleading links – (hover over the link with your mouse before clicking to see what website appears. Does it send you to where it says it will, or does the website look strange?)
  • Requests for money, gift cards, credit card or fine payments and updates to important or confidential information – (even if it seems like these come from your bank, it’s smart to contact your bank directly to confirm before ever responding with personal information.)
  • Content that says you’ve “won” a contest, and that asks for additional information in order to send you a payout or prize

With each passing year, new cybercrime tactics are developed, so new red flags will emerge. Take time to read-up on these tactics and stay as up-to-date as possible. Provide updates to members of your church as well. As you open your church’s emails, create budgets, record personal information and logs, there are some other critical things to remember.



  • Practice careful clicking – If you see pop-ups, links or email attachments—don’t click. If in doubt, call the sender directly to ask if they meant to send you something.
  • Supercharge your passwords – Swap passwords for passphrases, for example “TheCowJumpedOverTheMoon,” and include symbols. Change them every six months.
  • Think thoroughly about security questions –You leave a digital footprint wherever you go, and chances are you follow your favorite band on social media, or you’ve talked about them online—so don’t make their name the answer to one of your security questions. Think of online statements as breadcrumbs that online hackers can follow, and choose specific security questions that are on topics you know you have not spoken publicly about.
  • Constantly communicate – Spread the word across your parish regularly, to members, employees and volunteers. Help ensure that everyone better understands their cyber exposures and knows how to keep an eye out for red flags.

Getting hit by a hacker can be incredibly expensive—and paying for some extra layers of protection will likely pale in comparison. Weigh the costs of these products with your church’s budget and speak to an expert about products designed to reduce your risk.



  • Special Software – Top-tier anti-virus software can provide a significant layer of extra protection. Talk to experts and ask questions to determine what product or set of products best suits the needs of your church.
  • USB keys –Encrypted USB keys are highly recommended by experts as the safest way to store passwords. Passwords should never be stored on your computer in any sort of word document, excel sheet or program.
  • Insurance Coverage – As a provider of insurance to specialty markets, Glatfelter understands the value of cyber coverage first-hand. Talk to a trusted agent about your unique exposures to find out what coverage might best fit your needs.

Unfortunately, as technology continues to grow and evolve, cybercrime will, too. With churches seen as easy, key targets, it’s more critical than ever before to talk to your worship community and formulate a plan of action that everyone can feel good about. Tap into more resources to share with your team by visiting our Cyber Security Risk Resource Hub here, and employ the tactics above to help protect your organization so that you can stay focused on your mission with increased peace-of-mind.

Get more cybersecurity resources for your organization


Lindsey Elias, Marketing

As our Marketing Content Manager, Lindsey is passionate about producing quality content. When not at the office or planning her next Disney getaway, she loves hanging with her husband, family and fur babies and indulging in the two c's: carbs & coffee.


The information contained in this blog post is intended for educational purposes only and is not intended to replace expert advice in connection with the topics presented. Glatfelter specifically disclaims any liability for any act or omission by any person or entity in connection with the preparation, use or implementation of plans, principles, concepts or information contained in this publication.

Glatfelter does not make any representation or warranty, expressed or implied, with respect to the results obtained by the use, adherence or implementation of the material contained in this publication. The implementation of the plans, principles, concepts or materials contained in this publication is not a guarantee that you will achieve a certain desired result. It is strongly recommended that you consult with a professional advisor, architect or other expert prior to the implementation of plans, principles, concepts or materials contained in this publication.

This blog post may contain the content of third parties and links to third party websites. Third party content and websites are owned and operated by an independent party over which Glatfelter has no control. Glatfelter makes no representation, warranty, or guarantee as to the accuracy, completeness, timeliness or reliability of any third party content. References to third party services, processes, products, or other information does not constitute or imply any endorsement, sponsorship or recommendation by Glatfelter, unless expressly stated otherwise.

Related posts

Submit a Comment