array(1) { [0]=> array(3) { ["class"]=> string(18) "menu-item-features" ["menu"]=> array(10) { [0]=> array(2) { ["icon"]=> int(3843) ["link"]=> array(3) { ["title"]=> string(19) "Engagement Insights" ["url"]=> string(35) "/features/engagement-scores-badges/" ["target"]=> string(0) "" } } [1]=> array(2) { ["icon"]=> int(974) ["link"]=> array(3) { ["title"]=> string(17) "TouchPoint Giving" ["url"]=> string(28) "/features/touchpoint-giving/" ["target"]=> string(0) "" } } [2]=> array(2) { ["icon"]=> int(3842) ["link"]=> array(3) { ["title"]=> string(15) "Process Builder" ["url"]=> string(26) "/features/process-builder/" ["target"]=> string(0) "" } } [3]=> array(2) { ["icon"]=> int(3838) ["link"]=> array(3) { ["title"]=> string(13) "Tasks & Notes" ["url"]=> string(21) "/features/task-notes/" ["target"]=> string(0) "" } } [4]=> array(2) { ["icon"]=> int(3841) ["link"]=> array(3) { ["title"]=> string(17) "People Management" ["url"]=> string(28) "/features/people-management/" ["target"]=> string(0) "" } } [5]=> array(2) { ["icon"]=> int(3837) ["link"]=> array(3) { ["title"]=> string(10) "Mobile App" ["url"]=> string(22) "/features/mobile-apps/" ["target"]=> string(0) "" } } [6]=> array(2) { ["icon"]=> int(3840) ["link"]=> array(3) { ["title"]=> string(9) "Scheduler" ["url"]=> string(20) "/features/scheduler/" ["target"]=> string(0) "" } } [7]=> array(2) { ["icon"]=> int(975) ["link"]=> array(3) { ["title"]=> string(14) "Check-In Suite" ["url"]=> string(25) "/features/check-in-suite/" ["target"]=> string(0) "" } } [8]=> array(2) { ["icon"]=> int(3844) ["link"]=> array(3) { ["title"]=> string(13) "Registrations" ["url"]=> string(24) "/features/registrations/" ["target"]=> string(0) "" } } [9]=> array(2) { ["icon"]=> int(3839) ["link"]=> array(3) { ["title"]=> string(16) "Search & Reports" ["url"]=> string(25) "/features/search-reports/" ["target"]=> string(0) "" } } } ["link"]=> array(3) { ["title"]=> string(17) "View All Features" ["url"]=> string(10) "/features/" ["target"]=> string(0) "" } } }
View All Features
Schedule Demo
Home » Blog » Email Scams & How To Avoid Them

Email Scams & How To Avoid Them

We have had several churches recently report that church members have emailed various church staff asking them to update their account.




Dec 05, 2022

Does your church have a policy/procedure for responding to account updates via email and/or phone? 

We have had several churches recently report that church members have emailed various church staff asking them to update their account. At first glance, this appears to be a legitimate request, but several factors have tipped off the staff to know that it was indeed a scam.

You might be wondering, “how is this a scam?”
The first thing that is clear is that the person is emailing from a new email address. This email address might look legitimate. We’ve seen examples that follow this format – first.last@outlook.com. While it is possible that a scammer could be sending an email from a compromised account, it is not always the case. If it comes from a compromised account, it is often harder to prevent. If it is a brand-new email address, simply follow the recommendations below.

How does the scam work?
If an unsuspecting staff person updates the person’s record with the new email address, the scammer then resets the person’s password and logs into the church’s management software using the new email address. They then attempt to harvest any information about other church members and attendees (if possible). Because the user is logging in with legitimate credentials, there is often little we (your church management software) can do to prevent this. They then email fellow church goers and try to trick them into giving gift cards or donating to the church, where the link to the donation page is not a legitimate donation page.

You might be wondering “What can you do to prevent this?”
There are a few things we recommend:

1. If a person is emailing from an email address that is not in the database, DO NOT ACCEPT any changes. You can reply, asking them to email from an email address that is already on their record or to contact the church office (then follow the recommendations below).

2. Have a clear policy and procedure that your staff follow for when and how they should update a person’s record in the database. While your church should come up with your own requirements, here are a few ideas to get you started:

  • If a person reaches out via email, either have a canned response saying that all record update responses must be made via phone and give them the contact information of who to call, or require that a phone call is made to the phone number on their record confirming the change.
  • If a person calls the church office asking to update their record, the person fielding the call should verify other details on their record like what small group they attend, their DOB, and/or family member names. You’ve likely had your bank do something like this to verify your identity when you’ve called them.
  • Whatever you do, make sure all your staff and/or lay leaders who have access to update a person’s record are doing so with caution, knowing that there are people out there trying to scam you.

3. Make sure that all users – both staff and lay leaders – have the appropriate access levels in TouchPoint where they only    have access to the information they need.

  • Have you removed access from former staff, officers, and lay leaders?
  • Is it necessary for lay leaders to be able to update information?

4. Educate your staff and congregants on the risks of cyber threats. Here are a few key points that you can share with    them:

  • Nobody from the church staff will ever reach out via email or social media asking for donations via gift cards, money transfers, or any other means besides what you can find on our church website.
  • If you see odd links in emails or social media leading to donation pages that don’t look legitimate, please report them to a church staff member.
  • Let them know that the best way to donate to your church is from a link directly on your website.

5. Require all staff with admin or finance access to have 2 factor authentication enabled on their account. This adds an extra layer of protection for these users to further safeguard your most sensitive data. 

Our Head of Product, Chris Dolan, recently led a virtual keynote session at a conference for Executive Pastors on Human Firewalls. You can check it out here to learn additional helpful tips.




Related Resources

View All Resoucers
Blogs

New Registration Submission Report
Sep 21, 2022

Registration reporting is even easier now with the newly created Submission Report.

Read More
Blogs

TouchPointers: Check-Out
Feb 6, 2023

Having a method for safely checking children out of their classes is an important feature for all churches to use.

Read More
Blogs

Exciting Check-In Enhancements
Jul 12, 2022

We’re steadily enhancing Check-In to ensure your Sundays remain as smooth (and fun) as possible!

Read More
Blogs

Finance Enhancements
Jun 8, 2023

We are excited to announce the release of Phase 1 of our financial enhancements, scheduled to be released on June 19. TouchPoint bundles will now be called batches.

Read More
Blogs

Additional Finance – Phase I Updates
Aug 24, 2023

We recently released several updates related to the Finance – Phase I changes based on feedback from our partner churches.

Read More
Blogs

Check-In and Classroom Dashboard Updates
Dec 14, 2022

We have added new settings to Check-in Profiles and the Classroom Dashboard. These settings will provide even more flexibility when designing the Check-In experience that works best for your church.

Read More