Why This Matters

Churches and nonprofits are under attack.

Understanding the threat is the first step to protecting your mission.

#2 Target

2nd

Most targeted industry for cyberattacks

Rising Threats

6x

Increase in login threats year-over-year

AI-Powered Scams

1,265%

Rise in phishing since ChatGPT launched

Why Hack a Church? The “Soft Target” Reality

Cybercriminals aren't choosing targets at random. They actively seek out churches and nonprofits because of a dangerous combination: valuable data and weak defenses.

Valuable Data
  • • Donor credit card and bank information
  • • Member names, addresses, and contact details
  • • Social Security numbers and financial records
  • • Health information (for counseling centers)
  • • Children's information (youth programs)
Common Weaknesses
  • • Limited IT security budgets
  • • Outdated computers and software
  • • Reliance on volunteers (not trained in security)
  • • High-trust culture (less suspicious of emails)
  • • No dedicated IT security staff

The Attacks You Need to Know About

1. Phishing: The Email That Looks Real

What it is: A fake email that tricks you into clicking a malicious link, opening an infected file, or sharing passwords.

Example: An email that looks like it's from “Microsoft” saying your email storage is full, asking you to click a link and log in.

Why it works: The email looks professional, creates urgency, and targets busy staff who don't have time to double-check.

2. Ransomware: Your Files Held Hostage

What it is: Malicious software that locks all your files (donor lists, financial records, emails) and demands payment to unlock them.

Real example: A Cleveland church had $1.75 million stolen by cybercriminals in 2019.

The double threat: Attackers now steal your data before locking it, threatening to publish sensitive information if you don't pay.

3. Business Email Compromise: The Fake Invoice

What it is: Criminals hack or impersonate your pastor's or finance director's email to send fake payment requests.

Example: You receive an urgent email that appears to be from your senior pastor asking you to wire money immediately for an “emergency.”

Why it works: High-trust environment + time pressure + appears legitimate = money transferred before anyone realizes it's a scam.

4. AI-Powered Scams: The New Frontier

What it is: Attackers use artificial intelligence to create fake websites, generate perfect emails, or even clone someone's voice in a phone call.

Example: A deepfake video of a supposed beneficiary telling a fabricated hardship story to solicit donations, or a voice clone of your executive director authorizing a wire transfer.

The risk: These scams are incredibly convincing and prey on the empathy that drives your mission.

Real Incidents: This Is Already Happening

Church of England (2025)

Two separate data breaches in one month. One was caused by a simple human error—an email sent to 194 abuse survivors without using BCC, exposing all their identities. The other was a cyberattack on a background-check vendor, compromising passport details and National Insurance numbers for hundreds of parishioners.

Lesson: Even one small mistake can have devastating consequences.

Blackbaud Ransomware (2020)

A major software company used by thousands of nonprofits worldwide was hacked. Attackers stole donor names, contact info, and financial details. Blackbaud paid a $250,000 ransom and later settled with regulators for $49.5 million.

Lesson: Your security depends on your vendors' security. Choose carefully.

Minneapolis Public Schools (2023)

When the school district refused to pay a ransomware demand, attackers released highly sensitive data including Social Security numbers and student medical records.

Lesson: Paying the ransom is not a guarantee. Prevention is the only real defense.

What's at Stake?

A cyberattack isn't just an IT problem. It threatens your entire mission:

  • Financial Loss: Ransom payments, recovery costs, legal fees, and lost donations
  • Lost Trust: Donors and members lose confidence when their data is compromised
  • Legal Penalties: Violations of HIPAA, COPPA, or data breach laws can result in massive fines
  • Operational Shutdown: Inability to access systems can halt your ability to serve your community
  • Reputational Damage: Years of goodwill can be destroyed in a single news cycle

The Good News

You don't need a huge budget or a technical degree to protect your organization. Most attacks can be prevented with simple, low-cost (or free) steps that anyone can implement.

That's exactly what MissionGuard is here to help you do.

Ready to Protect Your Mission?

Start with our simple, practical 5-step security plan designed specifically for churches and nonprofits.

View the 5-Step PlanBrowse Security Tools