Targeted Spear Phishing Attack-Even Churches aren’t Immune

By:  |  Category: Blog, Security Thursday, July 5th, 2018  |  No Comments
spear phishing

Even the church isn’t immune to cyber criminals. A group of unsavory cons from Canada are exploiting the names of priests and archbishops to solicit money from unsuspecting parishioners.

Looking at this picturesque fishing town in Nova Scotia, it would seem like the only crimes might be a stolen bicycle or a drunk in public citation after the local pub closed down for the evening. This town isn’t a hotbed of crime, but unfortunately, this only makes it an easier target for cyber thieves.

The level of sophistication for this attack was high. It wasn’t a run of the mill phishing attack with a generic message you could spot a mile away as a scam. This was a highly targeted spear phishing campaign with specific detail that add credibility and believability to the sender and their message. This is a con worthy of an Oceans screenplay.

Parishioners of the Roman Catholic Archdiocese of Halifax-Yarmouth, received emails using the names of up to a half-dozen priests and even the archbishop, requesting volunteer hours, gift cards, and photographs. It raised no red flags because it was a normal request from the church.

By using a familiar sender’s name, it increases the chances of a victim opening and responding to an email. Social engineering at it’s best plays on our natural emotional response. When we get a message from a respected authority–like a pastor, boss or executive, our emotions are engaged. This con plays on the parishioners desire to help the church and their  leaders. The best phishing attacks also leverage contextual details to make the email more believable, it’s the small details that only a person going to that church might be privy too thus elevating the chances of turning the recipient into a victim.

It’s uncertain how the email sender got the email addresses of the parishioners, and the actual amount of emails that were sent out, but it clearly illustrates how with even the smallest amount of correct details (in this case, sender name and appropriate recipient), a scam can be born.

To avoid this in your organization, ongoing security awareness training is key to keep employees abreast of the latest scams, what to look for, and to generally maintain a culture of security-mindedness.

Let EnhancedTECH provide you with employee security awareness training and a secure network perimeter. Contact us at 714-970-9330 or at [email protected]

Samantha Keller

Director of Marketing and PR at EnhancedTECH
Samantha Keller (AKA Sam) is a published author, tech-blogger, event-planner and mother of three fabulous humans. Samantha has worked in the IT field for the last fifteen years, intertwining a freelance writing career along with technology sales, events and marketing. She began working for EnhancedTECH ten years ago after earning her Bachelor’s degree from UCLA and attending Fuller Seminary. She is a lover of kickboxing, extra-strong coffee, and Wolfpack football.Her regular blog columns feature upcoming tech trends, cybersecurity tips, and practical solutions geared towards enhancing your business through technology.
Samantha Keller

Latest posts by Samantha Keller (see all)

Leave a Comment
Read previous post:
internet privacy law
California’s Internet Privacy Law Strictest Yet

What some are now calling the "California Effect" is changing the landscape of the internet. Passed and signed by the...