Inbound attacks on non-profits increased over the past year.
Phishing, credential stealing and malware attacks have increased upon non-profit organisations.
According to research by Abnormal Security, email attacks on non-profit organisations have grown by 35 percent: with an increased reliance on digital fundraising, online donor engagement, and remote collaboration tools has expanded the non-profits’ attack surface.
Emails with malware attachments also increased by 26 percent, with email serving as the primary delivery method. Malicious attachments are often disguised as invoices, grant approvals, or donor lists trick recipients into unknowingly executing malware.
Also, non-profits frequently interact with external donors, vendors, and grant organisations via email, making it easier for attackers to pose as trusted individuals and manipulate recipients into taking harmful actions.
Credential phishing attacks on non-profit organisations have also escalated by 50 percent over the past year. By stealing login credentials, cyber-criminals gain access to internal communications, donor databases, and financial records, allowing them to launch further attacks or sell sensitive information on the dark web.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
