Not every message that sounds like your church’s pastor or leader is actually that person.
In today’s world, an AI-generated voice memo, video clip, or text thread can trick church staff into sending real money to criminals.
For example, a church staff member receives a short, urgent voicemail from a pastor: “I need you to handle this today. I’m about to give a eulogy.”
The message includes wiring instructions for a contractor. The voice sounds exactly like the pastor. The staff member hesitates, but the tone feels familiar, and the request sounds reasonable.
Minutes later, funds have left the church, never to be recovered..
Exploiting urgency, familiarity, and distributed communication
These scams work because they blend into normal ministry life.
Churches move fast and teams are spread across multiple campuses. Volunteers rotate, while leaders travel as requests hit phones and inboxes all day.
Fraudsters lean into that reality. They mimic a leader’s style, create urgency, and push the request outside normal tools and normal hours.
Often the initial approach does not involve a large wire transfer. It is a small test, a “quick reimbursement,” a “deposit to hold a slot,” or a vendor bank change that sets up a larger loss later.
Churches make easy targets
Churches are built on trust and responsiveness. That is a strength in ministry, but it can be a weakness in financial workflows.
When finance staff members are unavailable, such as evenings, weekends, holidays, or during services, scammers look for the person most likely to quickly help.
The more a church relies on informal approvals, text-based decisions, or “just this once” exceptions, the more the opportunity exists for a convincing fake to succeed.
How your church can protect itself
To reduce the risk of AI-driven impersonation and payment fraud, consider these safeguards:
- Require two-channel verification before money moves. Any request involving a wire, ACH, gift cards, or payment instructions should be confirmed through a second method. Use a known phone number or an established internal channel, not a reply to the original message.
- Lock down email and finance access. Turn on multi-factor authentication (MFA) for email, banking, accounting, and payroll. Limit administrative rights. Periodically review mailbox rules and forwarding settings since criminals often exploit them.
- Put vendor setup and bank changes behind a hard gate. Centralize who can add vendors and change bank details. Never accept updated banking instructions by email alone. Require a documented call-back to a trusted contact already on file.
- Strengthen approvals, especially for requests seeking exceptions to the usual process. Requests seeking exceptions should receive greater scrutiny. Automatically treat off-hours requests, urgent requests, and off-platform requests as exceptions that require a documented review and approval by two people.
- Train staff and volunteers, and write the response plan now. Teach staff and key volunteers to stop when something feels off, even if the message sounds like it came from a leader. Document who to call at the bank, who resets accounts, and who informs leadership if a payment is sent in error.
When churches make verification normal, criminals lose their favorite advantage: a rushed, isolated decision.
Tim Samuel is a CPA and the owner of CFO: Creating Future Opportunities, LLC, which helps churches strengthen internal controls, improve financial clarity, and protect trust.