Online Criminals Steal $700,000 from Florida Baptists in Phishing Email Scam
The investigation continues into how more than $700,000 was stolen from the Florida Baptist Convention (FBC) by a fraudulent email, also known as a phishing scam.
The Religion News Service reports the Florida Baptist staff received an email that claimed to be from the North American Mission Board (NAMB) of the Southern Baptist Convention which partners with the Florida Baptists on church planting. The email was not from the NAMB, but it requested funds to be sent to a new account number.
The FBC said in a May 10 statement posted on the state convention's website it had "experienced an incident of financial fraud. The fraudulent transaction is related to a payment from our convention to one of our SBC entities. We have reported this crime to the FBI, local law enforcement, our insurance carrier, our bank, and our auditing firm."
"This fraud was accomplished with a general knowledge of the communications and practice between the SBC entity and the convention. An investigation is being launched to determine how this knowledge was gained. At this time, we have no reason to suspect malfeasance by any convention employees. Nevertheless, the convention is committed to fully investigating the matter," the statement continued.
Reserve funds will be used to fulfill commitments to all supporting Florida churches and cooperating ministries, the FBC said.
Then in an updated statement released on May 15, the FBC said it was continuing to work with federal and state investigators to recover the stolen funds.
"Additionally, despite existing security protocols, training, regular information systems upgrades, and advanced detection software, we are working to further reinforce our level of information technology security. We remain prayerful that some of this loss may be mitigated through insurance and/or the recovery of stolen funds," the statement said.
The FBC also warned other churches about the potential for cyberattacks or phishing emails.
"We encourage pastors and churches to remain diligent with the security of their IT and financial systems. This specifically includes critically scrutinizing any and all requests—even those from a supposedly well-known source—that request a shift from historical payment practices," the May 10 statement said.
CBN News has contacted the FBC for an update on the investigation. We'll post it here when we hear back.
The news of the FBC's financial fraud loss comes just months after online scammers stole $793,000 from a North Carolina Baptist church.
Baptist Press reports the Elkin Valley Baptist Church had to put its plans to move into a new worship center on hold after online criminals stole hundreds of thousands of dollars from the church in an online email scam.
"What took more than seven years to save, somebody wiped out in just a few minutes," the church's Senior Pastor Johnny Blevin told the outlet.
Back in January, Blevins told WYFT-TV church staff received an email from Landmark, the church's construction company, who was working on their new building.
"Immediately following that email was another email, which we thought was from Landmark," Blevins said. "It had cloned basically that email and it gave instructions on payment and included the invoice and everything."
**Please sign up for CBN Newsletters and download the CBN News app to ensure you keep receiving the latest news.**
Blevins told the outlet that cloned email they responded to with the payment was a scam.
"At that point, we thought we had paid Landmark, and of course, Landmark was waiting on a check," he said. "So we didn't find out until almost nine days later when Landmark asked about the payment; and we said, 'we have paid,' and through investigation — found out it was a fraudulent account."
Blevin set up a GoFundMe page to help with the church's building project. It has so far raised $7,761.
To date, none of the church funds have been recovered.
Recently, Indiana Attorney General Todd Rokita warned churches and other non-profit organizations to be aware of a possible increase in cyber-attacks.
"Hackers regularly carry out attacks on companies and governmental offices," Rokita said. "Now, though, we're seeing signs that cybercriminals are expanding their lists of targets."
The attorney general also offered these tips:
- Be on alert for communications with dangerous attachments or fraudulent links.
- Always verify the email addresses of those who send you emails.
- Don't reveal personal or financial information via email or text message.
- Encourage regular and updated cyberattack training for organizations' employees, members, and volunteers.
- Ensure that your organization has updated appropriate software patches and that it monitors current schemes and scams by hackers.
- Avoid using gift cards, money orders, or cryptocurrency to conduct transactions or regular organization business.