Someone is sending emails to church members using the pastor’s name, asking for gift cards or money transfers. Recipients want to help, but something feels off. So one of them reaches out to the pastor directly. When he hears about it, the panic sets in fast.
Like you, we hate it whenever someone tries to exploit the trust within a church community. Everyone feels nervous about their security and privacy. And with the rise of AI-generated messages that can convincingly mimic a real person’s writing style, these scams are getting harder to spot than ever.
Cybersecurity is a big deal to us, and we’ve built extensive protocols to protect against threats like these. So when we get that panicked call or email, we feel it right along with you.
In every case we’ve investigated for our clients, the problem wasn’t a technology failure; it was what cybersecurity experts call social engineering. Here’s how it typically works:
The scammer visits your church’s public website or social media pages to learn the pastor’s name, title, and any other details about ministry leaders. Armed with that information, they try to gain access to your directory by calling or emailing the church office, posing as a visitor or regular attender, and requesting a password or asking for the directory to be emailed to them.
Next, they create an email address that looks like it could belong to the pastor — something like pastorboydp@gmail.com, but it’s completely fake.
Finally, they use that address to email people in the directory with an urgent story about why they need a gift card sent immediately. They’ll often weave in personal details pulled from your website or social media to make the message sound legitimate. Today, some scammers are even using AI tools to mimic a pastor’s actual writing style, making these emails far more convincing than they used to be.
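The lookalike address in the steps above leaves a fingerprint a mail filter or a staff member can check: the name in the From header matches a leader, but the address behind it is not on the church’s own domain. The following is an added illustration written for this post, not code from ChurchTeams or its product; the church domain, the staff name list, and the sample messages are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed assumptions: the church's real mail domain and the display
# names of its leaders. A real deployment would load these from the staff list.
CHURCH_DOMAIN = "example-church.org"
STAFF_NAMES = {"Pastor Boyd"}

# Wording typical of the "urgent gift card" story described in the post.
URGENCY_PATTERNS = re.compile(
    r"gift\s*cards?|wire transfer|urgent|right away|asap|keep this between us", re.I
)


def check_message(from_header: str, body: str) -> list[str]:
    """Return the reasons a message looks like leader impersonation.

    An empty list means nothing was flagged. Two signals are checked:
    1. A leader's name appears in the display name or mailbox name, but the
       sending domain is not the church's domain (the fake-address trick).
    2. The body uses urgent payment / gift-card language.
    """
    display, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    reasons = []

    for name in STAFF_NAMES:
        squashed = name.lower().replace(" ", "")
        if name.lower() in display.lower() or squashed in local:
            if domain != CHURCH_DOMAIN:
                reasons.append(
                    f"sender resembles {name!r} but domain is {domain or 'missing'!r}"
                )
            break

    match = URGENCY_PATTERNS.search(body)
    if match:
        reasons.append(f"urgent-payment wording: {match.group(0)!r}")

    return reasons


if __name__ == "__main__":
    # Constructed sample messages: one modelled on the scam, one legitimate.
    scam = check_message('"Pastor Boyd" <pastorboydp@gmail.com>',
                         "I'm in a meeting, need you to buy gift cards right away.")
    legit = check_message("Pastor Boyd <boyd@example-church.org>",
                          "Reminder: leadership meeting Tuesday at 7pm.")
    print(scam)   # two reasons flagged
    print(legit)  # []
```

A hit on the first signal alone is enough to justify the verification step described later in this post (call the pastor directly); the wording check only adds confidence, since genuine messages can also be urgent.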
This is called phishing. It’s a play on the word “fishing.” So what can you do to keep your church from taking the bait? Here are four practical steps.
1. Do not give out a churchwide directory.
Many churches have moved away from sharing full directories altogether. If a directory is important to your church culture, make sure you verify the identities of everyone with access. ChurchTeams clients can review our directory access article for guidance on available controls.
2. Offer directories at the group level where people know each other.
ChurchTeams includes a communication feature within each group that allows a leader to share directory information only with their own group members. This is the level where most people develop the friendships they actually want to stay in touch with anyway — and it keeps everyone else’s information secure.
3. Train your staff to recognize the signs.
Don’t assume your team knows what phishing is or what it looks like. Share this post with them. Create a simple document or policy for how directory information and passwords should be shared — and make it clear that any request coming in by email or phone should prompt staff to verify the requester’s identity before responding. Here are some guidelines to help you get started.
4. Develop a “Use of Information” guide.
Let people know upfront how you’ll use their contact information when they provide it. This can be as simple as a sentence or two in your bulletin or on a registration form, or a more complete policy included in new member materials. An example policy is available here to help you create one.
Prevent Church Phishing Scams by Keeping it Simple
You don’t have to overhaul your entire communications strategy to address phishing. Even simple, proactive steps like these build trust and let your congregation know you take their privacy seriously.
As a ChurchTeams client, you can be confident that we’re working behind the scenes to protect the integrity of your data. But if you ever have a concern, we’re ready to work alongside you to make sure you feel completely secure.