A
lways looking for new ways to separate you from your money, cybercriminals in Canada are using names of priests and archbishops to solicit money.
There’s only one thing more effective than phishing… and that’s spear phishing. Rather than using a generic message that can apply to just about anyone, many cybercriminals choose to first do their homework about their potential victims and target a select number with a very specific message. In most cases of spear phishing, specific details are used to establish credibility for the sender and their message.
In the case of the Roman Catholic Archdiocese of Halifax-Yarmouth, parishioners received emails using the names of up to a half-dozen priests and even the archbishop, asking for favors, gift cards, and photographs.
The use of a familiar sender’s name, when sent to a targeted recipient only increases the chances of opening and responding to an email. Successful phishing attacks leverage contextual details to make the email more believable, elevating the chances of turning the recipient into a victim.
It’s not clear how the email sender got the email addresses of the parishioners, nor how many emails were sent out, but it demonstrates that will even the smallest amount of correct detail (in this case, sender name and appropriate recipient), a scam can be born.
To avoid this in your organization, ongoing security awareness training is key to keep employees abreast of the latest scams, what to look for, and to generally maintain a culture of security-mindedness.
