Inbound attacks on non-profits increased over the past year.
Phishing, credential stealing and malware attacks have increased upon non-profit organisations.
According to research by Abnormal Security, email attacks on non-profit organisations have grown by 35 percent: with an increased reliance on digital fundraising, online donor engagement, and remote collaboration tools has expanded the non-profits’ attack surface.
Emails with malware attachments also increased by 26 percent, with email serving as the primary delivery method. Malicious attachments are often disguised as invoices, grant approvals, or donor lists trick recipients into unknowingly executing malware.
Also, non-profits frequently interact with external donors, vendors, and grant organisations via email, making it easier for attackers to pose as trusted individuals and manipulate recipients into taking harmful actions.
Credential phishing attacks on non-profit organisations have also escalated by 50 percent over the past year. By stealing login credentials, cyber-criminals gain access to internal communications, donor databases, and financial records, allowing them to launch further attacks or sell sensitive information on the dark web.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
