Targeted Spear Phishing Attack-Even Churches aren’t Immune

By:  |  Category: Blog, Security Thursday, July 5th, 2018  |  No Comments
spear phishing

Even the church isn’t immune to cyber criminals. A group of unsavory cons from Canada are exploiting the names of priests and archbishops to solicit money from unsuspecting parishioners.

Looking at this picturesque fishing town in Nova Scotia, it would seem like the only crimes might be a stolen bicycle or a drunk in public citation after the local pub closed down for the evening. This town isn’t a hotbed of crime, but unfortunately, this only makes it an easier target for cyber thieves.

The level of sophistication for this attack was high. It wasn’t a run of the mill phishing attack with a generic message you could spot a mile away as a scam. This was a highly targeted spear phishing campaign with specific detail that add credibility and believability to the sender and their message. This is a con worthy of an Oceans screenplay.

Parishioners of the Roman Catholic Archdiocese of Halifax-Yarmouth, received emails using the names of up to a half-dozen priests and even the archbishop, requesting volunteer hours, gift cards, and photographs. It raised no red flags because it was a normal request from the church.

By using a familiar sender’s name, it increases the chances of a victim opening and responding to an email. Social engineering at it’s best plays on our natural emotional response. When we get a message from a respected authority–like a pastor, boss or executive, our emotions are engaged. This con plays on the parishioners desire to help the church and their  leaders. The best phishing attacks also leverage contextual details to make the email more believable, it’s the small details that only a person going to that church might be privy too thus elevating the chances of turning the recipient into a victim.

It’s uncertain how the email sender got the email addresses of the parishioners, and the actual amount of emails that were sent out, but it clearly illustrates how with even the smallest amount of correct details (in this case, sender name and appropriate recipient), a scam can be born.

To avoid this in your organization, ongoing security awareness training is key to keep employees abreast of the latest scams, what to look for, and to generally maintain a culture of security-mindedness.

Let EnhancedTECH provide you with employee security awareness training and a secure network perimeter. Contact us at 714-970-9330 or at [email protected]

Leave a Comment
Read previous post:
internet privacy law
California’s Internet Privacy Law Strictest Yet

What some are now calling the "California Effect" is changing the landscape of the internet. Passed and signed by the...