When a Pastor’s Name Is Used for a Scam: What Church Leaders Need to Know

Across the country, churches and ministries are seeing a troubling rise in identity spoofing scams—particularly those that impersonate pastors or other trusted church leaders. These scams often arrive as emails or text messages that appear to come directly from a pastor and urgently request gift cards, financial assistance, or sensitive information. In many cases, congregants and staff come dangerously close to falling victim before realizing the message is fraudulent.¹

This is not an isolated issue affecting only a few congregations. Reports from faith-based publications, church accountability organizations, and news outlets show that pastor impersonation and phishing scams are a common challenge facing churches, ministries, and faith-based organizations nationwide. Cybersecurity experts note that churches are frequently targeted because of their culture of trust, publicly available contact information, and limited technical safeguards.² ³

How These Scams Work

Cybercriminals often:

• Spoof a pastor’s name or email address

• Use urgent or emotional language (“I need your help right now”)

• Request gift cards, wire transfers, or confidential information

• Target staff and trusted congregants who want to respond quickly and helpfully

Because these messages appear to come from familiar leaders, they can be especially convincing.

Practical Steps Churches Can Take Right Now

Church leaders can significantly reduce risk by putting a few clear safeguards in place:

1. Use Official Church Email Accounts Only

   Pastors and staff should communicate using official church email addresses (for example, pastor@yourchurch.org), rather than personal Gmail or other consumer accounts.

2. Set Clear Communication Expectations

   Educate staff and congregants on how pastors and leaders will—and will not—communicate. Make it clear that pastors will never request gift cards, money transfers, or sensitive information via email or text.

3. Enable Multi-Factor Authentication (MFA)

   All church email accounts, especially those of pastors and administrators, should use multi-factor authentication to prevent unauthorized access.

4. Strengthen Email Security

   Advanced email filtering tools can help block spoofed and malicious messages before they ever reach inboxes.

5. Encourage Cyber Awareness

   Remind staff and members to:

   • Scrutinize unexpected emails or texts

   • Avoid clicking suspicious links or attachments

   • Use strong, unique passwords

   • Disable unused Bluetooth and Wi-Fi connections on mobile devices

Mobile Devices Matter, Too

Guidance from Church Mutual, a valued partner of the United Methodist Insurance Program, highlights how unsecured mobile devices can enable email compromise and impersonation—making mobile security a critical part of church cybersecurity efforts.⁴

Training and Support for Churches

Churches do not have to navigate these challenges alone. GCFA/UMC Support provides resources as part of ongoing efforts to support local ministries:

• Security Awareness Training: A recent webinar, Digital Stewardship: Protecting Your Church Online, offers practical guidance tailored specifically for churches.

• Managed IT Services: Through the General Council on Finance and Administration, local churches can access technology managed services designed for ministry settings.

• Technology Value Pack: The UMC Support Tech Value Pack provides three levels of cybersecurity protection—affordable, scalable, and built with churches in mind. Learn more at gcfa.org/tech-value-pack.

Faithful Stewardship in a Digital World

Protecting your church’s digital identity is not just a technical issue—it is a matter of trust, stewardship, and care for your congregation. By setting clear communication practices, strengthening security tools, and using trusted partners and resources, churches can reduce risk and respond confidently to a growing threat.

Footnotes / References

1. Christianity Today reporting on the rise of pastor text and email impersonation scams, including fraudulent gift card requests sent to congregants and church staff across multiple denominations and regions.

2. MinistryWatch analysis documenting an increase in phishing and impersonation attacks targeting churches and faith-based nonprofits, noting that clergy impersonation is a common tactic due to trust-based church environments.

3. Regional and national news coverage documenting clergy impersonation and gift card scams affecting churches in multiple U.S. states, demonstrating that these incidents are not isolated or localized.

4. Church Mutual, Are Your Mobile Devices Secure Enough to Protect Client Health Information? Guidance outlining how unsecured mobile devices can expose churches and ministries to cyber risks, including unauthorized email access, spoofing, and data compromise.

This content has been prepared by United Methodist Insurance Company (UMI) for informational purposes only. No article or document may accurately contemplate all possible scenarios or church resources. As such, this information is meant to foster discussion by the individual church and its members to develop a plan tailored to its own circumstances. UMI is providing this information with no warranties or guarantees of any kind and it should not be viewed as legal, financial, or other professional advice. All liability is expressly disclaimed. Any claim examples described herein are general in nature, may or may not be based on actual claims, and are for informational purposes only. Any coverage available for a claim is determined from the facts and circumstances of the claim as well as the terms and conditions of any applicable policy, including any exclusions or deductibles. In the event of a conflict with the content herein, the terms and conditions of any issued policy will control. Individual coverage may vary and may not be available in all states.

The commercial insurance coverages for United Methodist Insurance are sold and serviced directly or indirectly by Sovereign Insurance Agency (CA Lic. No. 0B01380) ("Sovereign") and underwritten by various available insurance markets. Sovereign pays United Methodist Insurance a royalty for the use of its intellectual property.