Nick B. Nicholaou, author of Church IT: Using Information Technology for the Mission of the Church, consults with churches about their IT needs and issues. Here, Nicholaou shares advice on how churches can avoid becoming victims of cybercrime.
What is a typical example of email fraud targeting a church?
We see churches targeted specifically with emails that look as if they're legitimate, like, "Hey, the senior pastor told me to contact you and get a check for X amount of money." Those kinds of things.
We also see a lot of fraudulent emails appearing to be from general vendors, like Microsoft and Apple. They look legit, asking you to update or confirm your profile information at places like LinkedIn or Facebook. And, of course, if you click the link, you're taken to a site where your data can be collected or your identity stolen.
Is this a problem specific to churches, or are churches getting caught up in something that happens to all businesses?
Everybody is being targeted, and many do not have appropriate spam filters that minimize exposure.
So spam filters will help prevent email scams?
A spam filter will prevent many of the emails that appear as if they're from general vendors like Microsoft and Apple. A spam filter probably won't block emails that appear to come from someone on staff. When this happens, the best approach would probably be to forward the email to the person that is referenced in it. They can then verify whether or not the request is legitimate.
What about verifying by making a phone call?
That would be wise. Sometimes you can reach them by phone; sometimes you can’t. But I would say to at least try calling them. Texting them on their smartphone is not as reliable since their phone may have fallen into someone else’s hands or been compromised. Public WiFi is not always secure, and if they get the text via public WiFi, the verification is not solid. Someone could be “sniffing” the public WiFi airwaves and reading the text and other data that people are transferring via that public WiFi. In that case, it’s possible that someone could be picking up information that could compromise a system.
For a lot of pastors, coffee shops become a second office. So, it would seem that hackers would be more likely to be in those public settings.
Your observation is accurate. My recommendation is to not trust public WiFi. Instead, turn on the WiFi hotspot on your smartphone that turns it into a "MiFi." Your connection will then go over your cellular data stream rather than over the public WiFi. When using your notebook computer at Starbucks, for instance, connect via the hotspot (or MiFi) feature of your smartphone, even though MiFi is a little bit slower and it means you may be paying for data. But you'll know that by doing it that way your data transfers—like text and email—are more secure.
One final piece of advice: never click links in emails asking you to verify your data.