ChurchTrac Logo ChurchTrac Logo
Help & Resources
Help Center
Browse answers, or connect with our team
Watch our Videos
Watch our tutorials and live streams
Read the Blog
News, tips and the latest happenings
Hear Our Story
The 9 things that make us unique
Explore Plans & Pricing
Affordable options for every church
Pricing
Help Center
Browse answers, or connect with our team
Watch our Videos
Watch our tutorials and live streams
Read the Blog
News, tips and the latest happenings
Hear Our Story
The 9 things that make us unique
Explore Plans & Pricing
Affordable options for every church
Login
Start For Free
 Blog Home  /  Common Scams That Target Churches: How To Protect Yours

Common Scams That Target Churches: How To Protect Yours

profile-image
By Byron | 06/06/2026

Key Takeaways

  • Scammers are targeting churches more than ever.
  • The most common scams revolve around member data and church logins.

Common Scams That Target Churches: How To Protect Yours

Churches are uniquely vulnerable to scams because church culture is built on trust, generosity, and a willingness to help. Scammers know this and exploit it deliberately. 

Here are the most common scams we see targeting churches, and what to do about them.

Copyright Trolls: "You Owe Us Money for That Image"

The email looks professional. It comes from a law firm or a licensing agency. It claims that an image on your church website or music on a video is being used without a license, and that you owe hundreds or sometimes thousands of dollars in damages. 

Scam legal email

This is almost always a scare tactic, not a legitimate legal action. These operations send mass emails hoping that someone will panic and pay without asking questions. The "damages" are inflated, the deadlines are fabricated, and the goal is to get you to write a check before you think it through.

One of the easiest ways to determine if one of these emails is fake is to inspect the actual email address the email came from.

Fake scam emails

What to do:

  • Do not pay. Payment is not an admission of guilt, but it does invite more demands.
  • If the image is on your site and you do not own it or have a license for it, remove it immediately. That is the end of your exposure in most cases.
  • Do not respond to the email, call any phone number listed in the email, or click any links/
  •  If you use ChurchTrac, forward the entire email — including the message body — to copyright@churchtrac.com. ChurchTrac can help you assess the situation and respond appropriately.

The best long-term protection is simple: only use media you own or have a verified license for.

ChurchTrac users already have a head start. ChurchTrac includes a built-in collection of Igniter Media images, license included, free to use on your church website.

Social Engineering: The Gift Card Scam and the Directory Grab

Social engineering scams are incredibly common these days. The goal of most of them is to access your church's member directory and proceed to reach out to your congregation to ask for money or get gift cards.

The directory grab

Someone sends an email or text to the church office. It appears to come from the pastor, an elder, or another trusted leader.

The request is simple and sounds reasonable: "Can you send me the church directory? I need to reach some folks." The name is right. The tone feels familiar. The directory goes out.

Church Directory Scam Text

The gift card blast

Now the scammer has a list of church members with contact information. Emails and text messages go out impersonating the pastor: "I am in a bind and need your help. Can you purchase a few gift cards and send me the codes? I will explain everything later. Please keep this between us for now."

Gift card scam

The secrecy is a red flag. So is the urgency. So is any request for gift cards, no legitimate emergency is solved with iTunes or Amazon gift cards.

What to do:

  • Verify any unusual request by calling the person directly — using a phone number you already have for them, not one provided in the email.
  • Never send a membership directory, contact list, or any personal member data based on an email request alone, regardless of who it appears to be from.
  • Train your staff and volunteers to recognize this pattern. The people most likely to be targeted are the ones most eager to be helpful.
  • If you use ChurchTrac to generate reports containing member contact information, ChurchTrac will prompt you with a warning before generating the report, reminding you to verify the request through a known phone number before proceeding.
  • Report suspected social engineering attempts to your church leadership immediately so others can be warned.

Phishing and Fake Password Reset Emails

You receive an email that appears to come from your bank, your email provider, or another familiar service (like ChurchTrac), asking you to verify your account or reset your password.

The link leads to a convincing fake login page designed to capture your credentials. These emails can be sophisticated with correct logos, familiar sender names, even a domain that looks nearly right at a glance.

Your email account is the most critical target. Whoever controls your email can trigger "forgot my password" resets on virtually every other service tied to that address:

  • Your bank
  • Your giving platform
  • Your church management software
  • Your social media accounts. Losing email access is not just one breach; it is a master key to everything else.

For the record: ChurchTrac will never send you an unsolicited request to update your password. If you receive an email claiming to be from us asking you to do so, do not click anything — delete it. 

Other Scams That Target Churches

Here are some other common scams we see target— Including overpayment checks and fake wire transfer requests.

Fake vendor invoices

A scammer spoofs a vendor your church already does business with — your HVAC company, your AV supplier, your lawn service — and submits an invoice with slightly different banking details. Always verify any change in payment instructions with a direct phone call to the vendor before sending money.

Fake wire transfer requests

An email appears to come from the pastor or a board member asking staff to urgently wire money for a mission trip emergency, a surprise gift, or another time-sensitive reason. Legitimate financial requests do not come through email alone. Require a secondary verification step for any wire transfer.

Overpayment check scams

Someone writes your church a generous check, then contacts you saying it was larger than intended and asks you to refund the difference. The original check later bounces. Never refund an overpayment until the original check has fully cleared — which can take weeks.

Fake grant offers

Your church has been selected to receive a significant faith-based grant. You just need to pay a processing fee to claim it. Real grants do not require upfront fees.

Domain and compliance notices

Emails designed to look like official notices from ICANN, your state government, or a regulatory body claim that your domain registration, annual report filing, or website compliance requires immediate payment. Most of these are either private companies charging for services you do not need, or outright fraud. Verify anything that looks like a government notice directly through official government websites.

Directory and SEO listing invoices

You receive an invoice or official-looking notice saying your church website must be submitted to a national directory, or that your search engine listing requires renewal. These are not obligations. Discard them.

Ransomware via phishing

A staff member clicks a link in a convincing email, and malware encrypts your church's files — including membership records and financial data. Attackers then demand payment to restore access. The best defenses are regular offsite backups, staff training on phishing awareness, and never paying the ransom.

Your Church Is a Target — Regardless of Size or Location

One of the most common misconceptions we hear is that a small or rural church does not need to worry about internet security. 

Scammers are not driving through your town looking for targets. They are running automated operations from anywhere in the world, casting the widest net possible.

Scammers don't care about your church's

  • Membership Size
  • Physical Location
  • Denomination

What matters is that you have an email address, a website, a bank account, and people who are inclined to be helpful.

The good news is that most of these scams are entirely preventable with awareness and a few simple habits. To help you get started, ChurchTrac has put together a security checklist specifically for protecting your account and your church's data.

 

Church Scams FAQs

Why are scammers targeting our small church instead of big corporations?

Scammers aren't targeting you personally; they are using automated software to scan thousands of church websites and directories at once. They actually prefer  smaller churches because they know large corporations have dedicated IT security departments. Smaller ministries often rely on passionate volunteers and busy staff who wear multiple hats, making them easier targets for fast-paced, high-pressure scams.

How can we tell a real legal notice from a "Copyright Troll" email?

Legitimate legal actions rarely start with a vague, threatening mass email demanding immediate payment via a digital link. Copyright trolls rely on panic. Look closely at the sender’s email domain (not just the display name).

What should we do if someone in our church already fell for one of these scams?

Don’t panic, but act quickly. First, isolate the breach: if a password was compromised, change it immediately and log out of all active sessions. If financial data or wire transfers were involved, contact your bank’s fraud department right away. If a member sent gift cards, have them contact the card issuer (e.g., Apple or Amazon) to see if the funds can be frozen. Finally, communicate openly with your staff and congregation.

Start your free trial

Explore ChurchTrac for yourself by starting a free 30 day trial.

Get Started Now
ChurchTrac Logo

Your All-In-One Church Software.

Facebook Twitter Youtube Vimeo

Products & Features

Donations and Online Giving Church Website Builder Church App Builder People & Messaging Events & Attendance Child Check-In Church Automations Church Accounting Worship and Scheduling Custom Built Websites Accounting Service Security & Integrations

How We Compare

ChurchTrac vs Planning Center ChurchTrac vs Tithe.ly ChurchTrac vs Breeze ChurchTrac vs QuickBooks ChurchTrac vs Aplos See all comparisons

Software Solutions

For Church Plants For Small Churches For Mid-Size Churches See more solutions

Company

About ChurchTrac Terms of Service Privacy Policy Copyright Policy

Quick Links

Login to Your Account ChurchTrac Pricing Start a Trial Getting Started Join a Live Demo Contact Us | Tech Support

Recent Posts

  • Buying Church Software? Avoid This One Fatal Mistake
  • Best Church Management Software Picks (2026)
  • 4 Youth Ministry Podcasts Every Leader Needs to Hear
  • 5 Teen Study Bibles You Can Actually Trust
  • Don't Overpay for Online Giving: The Best Platform for Small and Mid-Size Churches
  • View more blog posts...