Phishing attacks are happening more frequently, and staying vigilant about access to your directory is increasingly necessary.
The Federal Trade Commission (FTC) has specifically warned about scams targeting worshipers. The FTC highlights that criminals have been using church directories to deceive congregants into sending gift cards or other forms of payment, often impersonating church leaders or staff members. These types of scams can be especially effective when attackers exploit personal details, which is why protecting access to these pages is so critical. For more information on how these scams work, visit the FTC's consumer alert here: https://consumer.ftc.gov/consumer-alerts/2019/07/worshipers-targeted-gift-card-scam.
The preferred variation of this scam doesn't even require access to your directory:
"Hi, I'm a little old lady who goes to your church and can't figure out my phone. Can you send me a PDF of the directory?"
How do you keep malicious actors from getting access to your directory? If someone is trying to gain access to your online directory, what do you do? Here are some suggestions from the Adjace team:
Use caution when adding or changing a member’s information
- If you are allowing folks to create their profiles online, set the default membership type to one that does not have access to the Directory right away.
- Don’t allow access to the directory until they have attended for a few months.
- Define “Best Practices” for your church when adding new Members or Attenders and allowing them to gain access to the directory.
- Set up “Best Practices” for your church for changing and updating profiles.
Verify that new profiles are from real people
- Find them on social media to see if they live in an area that would attend your church. Use caution. Bad guys often hack social media accounts.
- Does your church have a “Sign-in” sheet for attendance? Have they signed in for multiple weeks/months?
- Ask them to stop by your information desk or speak with a Greeter on Sunday. If they do stop by, use your best practices. Get the individual’s information and mention that you don’t allow access right away, but after they have attended for a few more months, become a member, attended whatever class you have for them, they can gain access to the directory.
Use best practices when changing an existing profile
- Don’t take a change request over email, even if that email matches the email address listed in Planning Center. E-mail “from” addresses are easily forged.
- Let folks know they can request the change through the Directory and/or…
- Ask them to update their information on the “Sign-in” sheet at church and/or…
- Make a choice to only update information in person.