Faith-Based Daily Awareness Post 30 May 2024

Faith-Based Security Headlines

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.

Church app developer exposes data of nearly a million Brazilians (inChurch software)

Cybernews reports:

“inChurch, a Brazilian software company providing services to 5000 churches across Brazil and 45,000 worldwide, has leaked a tremendous amount of sensitive user data.

Most of the leaked Excel files contained potentially sensitive personal data of 932,000 members of churches, mainly across Brazil, but the team was not able to independently validate the dataset due to white-hat cybersecurity practices.

Leaking such a massive amount of personal data is a cause of concern, as cybercriminals could exploit it in various ways. According to the researchers, cybercriminals could use the exposed email accounts and phone numbers for targeted phishing attacks. For example, they could send deceptive emails to affected individuals, which appear to be from inChurch. This increases the risk of further security breaches.

By using social engineering tactics with the leaked data, attackers might manipulate victims into revealing more personal information or taking actions that compromise their security.”

Analyst Comments:

The inChurch app is used mostly in Brazil, but it is also used in other countries. Faith-Based Organizations (FBOs) should check whether they, or any of their affiliates, use inChurch products.

The inChurch leak can serve as a reminder of how cybercriminals can use social engineering and a little information to obtain more information.

CrowdStrike’s “What Is Social Engineering? Examples + Prevention” explains social engineering and provides the following best practices for preventing it.

  • DON’T CLICK ON LINKS SENT BY PEOPLE YOU DON’T KNOW. Hover over them first; trust but verify!
  • Avoid opening attachments within emails from senders you do not recognize.
  • Be wary of emails or phone calls requesting account information or requesting that you verify your account.
  • Do not provide your username, password, date of birth, social security number, financial data or other personal information in response to an email or robocall.
  • Always independently verify any requested information originating from a legitimate source.
  • Always verify the web address of legitimate websites and manually type them into your browser.
  • Check for misspellings or improper domains within a link (for example, an address that should end in a .gov ends in .com instead).
  • Before transferring money or information, verify by voice or video call.
  • Be alert to counterfeit items, such as sanitizing products and personal protective equipment, or people selling products that claim to prevent, treat, diagnose or cure COVID-19.

Also, FB-ISAO’s 06 October 2023 Daily Awareness Post contains many cybersecurity resources.

More Security-focused Content

Read more about the 2023 Threat Data and what the data tells us about the threat landscape.
Read the March 2024 Threat Level Statement Update
Access all-hazards resources from public and private sector partners, curated by the FB-ISAO team.

The FB-ISAO’s sponsor Gate 15 publishes a free daily newsletter called the SUN. Curated from their open source intelligence collection process, the SUN informs leaders and analysts with the critical news of the day and provides a holistic look at the current global, all-hazards threat environment. Ahead of the daily news cycle, the SUN provides current situational awareness of the topics that will impact your organization. To receive the SUN, please sign up below.
