Even the sacred are at risk! Church robbed in a phishing scam

Hackers always look for weak targets and high rewards; this time, Saint Ambrose Catholic Church was next.
In 2019, even a cyber attack on a church shouldn't surprise anyone. According to the FBI, cybercrime doubled in 2018 and will go even higher in 2019.

In this case, the cyber attack was an old and rudimentary one: a phishing email scam combined with a social engineering phone call.
Hackers launched the cyber attack with a phone call to St. Ambrose Catholic Parish, in which they pretended to be Marous Brothers Construction (a company that is an old friend of the church). During the call, the scammers told the church that payments for the church renovation had never arrived.

When questioned by the FBI after the cyber attack, Saint Ambrose Catholic Parish's Father Bob Stec said that the hackers told him the company had not received the monthly payment on the renovation project for the past two months, which was around $1,750,000. Even though the church had been very prompt with its payments every month and had received all the confirmations from the bank that the wire transfers to Marous were executed, the hackers somehow convinced the church that the construction company had changed its bank.

Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company's network. These tests include penetration testing and ethical hacking tests.

During the investigation, the FBI also found that the church email system was hacked. According to the FBI, the hackers gathered information from the church’s email account, and this is how they managed to deceive the church into believing Marous Brothers had changed their bank.

Eventually, cyber crooks were able to steal $1.75 million, and all it took was a few emails, some Photoshop skills, and a phone call.

This case alone should be a good enough example that even organizations that do not operate for profit or that are religiously affiliated can be hacked.
A cybersecurity expert says that the best move to prevent such attacks is cyber resilience. The main focus is not to get tangled in potential security processes, tools, and strategies. All that is needed are a few simple things:
• Focus on the basics: always do routine maintenance such as patches, updates, and access permissions as soon as they are available or needed.
• Where applicable, always use cloud security to make data less accessible to hackers.
• Implement data-centric security by encrypting data and restricting access to sensitive information.
• Design an application starting with security, not the other way around.
• Learn and engage in proactive defense: use a firewall, security software, and a strong virtual private network (VPN).

We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company's network; tests like this include penetration testing and ethical hacking.