When Goodwill Gets Exploited: Rising Scams Against Faith and Service Organizations

Cybercrime is no longer confined to Fortune 500 companies and government agencies. Increasingly, churches and nonprofits—organizations built on trust and community—are being targeted. According to cybersecurity analysts, nearly 43% of North American cyberattacks target ministries and nonprofits, often because they lack the robust defenses larger organizations have.

In August 2025, multiple churches in North Carolina and Georgia reported receiving email phishing scams impersonating pastors and requesting gift card donations. These attacks weren’t just financial schemes; they threatened the trust between congregations and their leaders.

The Scope of the Threat

The FBI’s 2024 Internet Crime Report found phishing and spoofing to be the most commonly reported cybercrimes of 2024. While the number of phishing reports dropped slightly from 2023, the financial toll ballooned—jumping from $18.7 million in 2023 to $70 million in 2024.

Nonprofits are especially vulnerable since attackers know their communication channels are open and public, and that volunteers or staff may not be tech-savvy. These phishing tactics are often highly effective because they exploit human emotions, such as trust, fear, and empathy—qualities that are foundational to nonprofit and faith-based communities.

Why Churches and Nonprofits Are Prime Targets

Church Tech Today describes nonprofits as “high-trust, low-tech environments.” That means:

  • Publicly listed email addresses make impersonation easy.
  • Volunteers often handle technology without formal training.
  • Members are inclined to trust messages from leadership.

This creates fertile ground for attackers. In simulated phishing exercises, some nonprofit teams showed failure rates as high as 34%. Worse, other reports show that 70% of nonprofits lack formal cybersecurity policies, even though 60% have already suffered a cyberattack in the past two years.

Consequences Beyond Finances

When an attack occurs, it’s not only money that’s lost. A successful phishing scam can damage an organization’s reputation and erode trust within the community. Congregants may become reluctant to share personal or financial information, and donors may hesitate to give. For nonprofits whose missions depend on goodwill, reputation is just as valuable as resources.

Steps Toward Stronger Defenses

The good news is that nonprofits don’t need deep pockets to improve security. Experts recommend focusing on awareness and culture:

  • Train staff and volunteers to spot suspicious emails and links.
  • Enable multi-factor authentication (MFA) across all accounts.
  • Use robust email filters to block known phishing attempts.
  • Segment Wi-Fi networks to provide guests with separate access.
  • Conduct phishing simulations to test resilience.
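
The pastor-impersonation gift card emails described earlier leave indicators that an email filter rule can check. The Python below is an added example, not code from this article or from any vendor. The domain `church.example`, the leader name, the two-indicator threshold, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "church.example"      # assumption: the organization's mail domain
LEADER_NAMES = ("john smith",)     # assumption: names taken from the public staff page
GIFT_CARD = re.compile(r"\be?-?gift\s*cards?\b", re.I)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def phishing_indicators(raw):
    # Parse a raw RFC 5322 message and list the reasons it looks like impersonation.
    msg = message_from_string(raw, policy=policy.default)
    display, sender = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    name = re.sub(r"[^a-z ]", "", display.lower())
    reasons = []
    # A leader's name in the display field, but an address outside the org domain.
    if any(n in name for n in LEADER_NAMES) and _domain(sender) != ORG_DOMAIN:
        reasons.append("leader name on external address")
    # Replies are steered to a different domain than the visible sender.
    if reply_to and _domain(reply_to) != _domain(sender):
        reasons.append("reply-to domain mismatch")
    if GIFT_CARD.search(text):
        reasons.append("gift card request")
    return reasons

def should_quarantine(raw):
    # Two or more independent indicators: hold the message for human review.
    return len(phishing_indicators(raw)) >= 2

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "Pastor John Smith" <office@church-mail.example>
Reply-To: pastor.private@inbox.example
Subject: Are you available?

I'm in a meeting. Please buy five gift cards for a donation and send me the codes.
"""
LEGIT = """\
From: "Pastor John Smith" <jsmith@church.example>
Subject: Sunday schedule

Service starts at 10 am this week.
"""
if __name__ == "__main__":
    print(should_quarantine(SPOOFED), should_quarantine(LEGIT))
```

A single indicator, such as a genuine staff message that mentions gift cards, stays below the threshold and is delivered normally.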

Stewardship in the Digital Age

For nonprofits, stewardship doesn’t stop at finances or programs—it extends to protecting digital assets and the people who entrust them with information. By acknowledging their unique vulnerabilities and building a culture of cybersecurity awareness, churches and nonprofits can continue their missions without letting scammers exploit their goodwill.

LibertyID Business Solutions provides customer WISP protocols, advanced information security employee training, third-party vendor management tools, and post-breach regulatory response and notification services. This allows businesses to improve the safeguards surrounding their consumers’ private data and head toward a compliant posture in relation to the federal FTC and often overlooked state regulations. Along with the components mentioned, LibertyID Business Solutions includes our gold-standard identity fraud restoration management services for employees and their families.