Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%

Nonprofit organizations have seen a sharp rise in cyber-attacks, with email-based threats increasing by 35.2% over the past year. These attacks target donor data, financial transactions and internal communications.

According to a new report by Abnormal Security, nonprofits have become prime targets due to their limited cybersecurity resources, high-trust environments and frequent financial transactions.

Attackers exploit these vulnerabilities to deploy business email compromise (BEC) and vendor email compromise (VEC) schemes, tricking employees into redirecting funds or sharing sensitive information.

The growing sophistication of social engineering tactics has contributed to this surge.

Cybercriminals craft highly targeted phishing emails that bypass traditional security filters, often impersonating donors, regulatory agencies or partner organizations. The increase in digital fundraising and online collaboration tools has further expanded the attack surface.

Phishing and Malware Attacks on the Rise

Credential phishing, which enables attackers to steal login details and gain access to donor databases, has surged by 50.4%.

By infiltrating these systems, criminals can compromise internal communications, conduct financial fraud or sell sensitive data on the dark web. Nonprofits are particularly susceptible due to their reliance on volunteers and external partners, who may not have formal cybersecurity training.

Read more on the growing impact of social engineering in cybercrime: 92% of Organizations Hit by Credential Compromise from Social Engineering Attacks

Malware attacks have also climbed by 26.2%, with malicious attachments posing as invoices, grant approvals or donor lists. These files contain malware that can lead to ransomware incidents, data breaches or operational disruptions.

Ransomware is especially concerning for nonprofits, as many lack the financial resources to pay ransom demands or recover from significant IT system outages.

A recent high-profile attack targeted Ascension, a major nonprofit health system. A phishing email led to a ransomware infection that disrupted hospital operations, delayed patient care and forced emergency care diversions.

Strengthening Cybersecurity Defenses

Given the increasing threat landscape, nonprofits must take proactive measures to safeguard their operations.

Abnormal Security said AI-native email security solutions can help detect and block sophisticated attacks before they reach inboxes. These tools leverage behavioral analysis and machine learning to identify anomalies and prevent breaches.

Protecting donor data, securing financial transactions and maintaining public trust are critical for nonprofits to continue their work without disruption.