These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
According to Reliaquest, attackers are increasingly targeting identity and human behavior instead of trying to break through technical defenses. A typical finance fraud attack follows five predictable stages.
Stage 1: Credential Theft involves attackers using phishing emails, fake websites, or social engineering to steal login credentials. Organizations can reduce this risk by implementing phishing-resistant multi-factor authentication (MFA) and automated phishing detection.
Stage 2: Business Email Compromise (BEC) sees attackers leverage compromised accounts and AI-generated emails to build trust and manipulate victims; monitoring for brand impersonation and suspicious email activity can help identify these campaigns early.
Stage 3: Executive Fraud involves impersonating trusted leaders through spoofed accounts or deepfakes to authorize fraudulent payments. Requiring independent verification for wire transfers, payment requests, and banking changes can disrupt these attempts.
Stage 4: Lateral Movement is where attackers abuse legitimate accounts to move through cloud and identity environments while avoiding detection. Correlating activity across identity, email, and cloud systems can expose anomalous behavior before it escalates.
Stage 5: Financial Fraud culminates in wire fraud, data theft, or ransomware. Rapidly containing compromised accounts and suspicious activity can limit financial losses and prevent attackers from achieving their objectives.
Analyst Comments: Similar to corporate targets, faith-based organizations often handle enough money to make them targets for cyber threat actors. Faith-based organizations could consider strengthening identity protections by implementing phishing-resistant MFA, requiring out-of-band verification for financial transactions or changes to payment information, and regularly training staff and volunteers to recognize AI-generated phishing attempts and impersonation scams. They may also consider monitoring for lookalike domains that mimic their organization, reviewing permissions to limit unnecessary access, and ensuring suspicious account activity can be identified across email, cloud services, and other systems. As cybercriminals continue shifting toward attacks that exploit trust and legitimate credentials, reinforcing verification processes and strengthening identity security can significantly reduce the likelihood of financial loss or unauthorized access.
The U.S. Secret Service National Threat Assessment Center (NTAC) will host a free virtual training on August 5, 2026, focused on preventing school violence as students prepare to return for the Fall 2026 school year. Led by Dr. Kelsey Morris, the presentation will share findings from decades of NTAC research examining the backgrounds, behaviors, and warning signs commonly exhibited by school attackers, as well as real-world examples where schools successfully identified and disrupted planned actors of violence before they occurred.
The training will also explore how Behavioral Threat Assessment and Management (BTAM) programs can be integrated with Multi-Tiered Systems of Support (MTSS) to identify and assist individuals in crisis while promoting a safer school environment. A case study will further illustrate the important role that social, emotional, and behavioral well-being plays in preventing targeted violence. The virtual event is designed for educators, administrators, counselors, law enforcement, and other school safety partners.
Analyst Comments: For faith-based organizations that operate schools, preschools, daycare programs, or youth ministries, this training reinforces an important reality that targeted violence is often preventable when concerning behaviors are recognized early and addressed through a coordinated, supportive approach. Research from the U.S. Secret Service has consistently found that individuals who carry out targeted violence frequently display observable behaviors, communicate their concerns or intent to others, and experience indefinable stressors before an attack. Recognizing those warning signs and having a structures process to evaluate and respond to them can create opportunities for intervention long before a crisis develops.
The FB-ISAO’s sponsor Gate 15 publishes a daily newsletter called the SUN. Curated from their open source intelligence collection process, the SUN informs leaders and analysts with the critical news of the day and provides a holistic look at the current global, all-hazards threat environment. Ahead of the daily news cycle, the SUN allows current situational awareness into the topics that will impact your organization.