In 2023, a Hong Kong finance worker authorized a $25 million wire transfer after a video call with who appeared to be his company's CFO and multiple colleagues. Every person on the call was a deepfake. The fraud was not discovered until he contacted the actual CFO afterward.
The same technology is arriving in churches. Reports have emerged of scammers using cloned pastor voices in phone calls to elderly congregants requesting emergency funds. Fraudulent video messages appearing to come from well-known pastors have circulated on social media asking for donations. The technical barrier to creating a convincing audio clone of any pastor who has preached on video is now low enough that it requires no specialized equipment.
This is a pastoral crisis with practical solutions, but the solutions require action before an incident, not after.
"Be as shrewd as snakes and as innocent as doves." - Matthew 10:16
Why Churches Are Targeted
Churches are attractive targets for deepfake fraud for several reasons that Matthew 10:16 addresses directly. Jesus told his disciples to be "as shrewd as snakes and as innocent as doves." The innocence that characterizes healthy Christian community, the disposition toward trust, care for others, and quick response to apparent need, is also a vulnerability that bad actors exploit.
Congregants who trust their pastor are more likely to comply with urgent requests that appear to come from him. Church communities that have strong cultures of generosity respond quickly to appeals for financial help. Older members who are less familiar with deepfake technology may have no framework for questioning whether a voice or video is authentic.
This is not a reason to become suspicious of everyone. It is a reason to build structural protections that preserve the community's trust culture while removing the vulnerabilities that make it exploitable.
What Current Deepfake Fraud Actually Looks Like
Voice Cloning Attacks
The most common church-targeting fraud at present uses voice cloning, not video. A scammer needs as little as a few minutes of audio, easily obtained from any church podcast or sermon archive, to produce a convincing voice clone. The clone is then used in a phone call to a church administrator, treasurer, or congregant.
The script typically involves urgency and a request for secrecy: "I'm in an emergency situation, I can't go through normal channels, please wire this amount and don't tell anyone yet." The urgency and secrecy are designed to bypass the normal verification instinct.
Video Deepfake Attacks
Video deepfakes are more technically demanding but increasingly accessible. In 2025, several churches in the United States reported fraudulent video messages appearing to come from their lead pastor, distributed through WhatsApp and Facebook, requesting donations for fabricated causes.
Ephesians 4:14 warns against being "tossed back and forth by the waves, and blown here and there by every wind of teaching and by the cunning and craftiness of people in their deceitful scheming." The warning is about doctrine, but the posture it calls for, stability, discernment, and resistance to manipulation, applies directly to these schemes.
1ChurchWhatever You Do: The 1 Corinthians 10:31 Test for Church Tech
2Product UpdatesFaithGPT Now Supports English, Spanish, and French Across the App
3AI EthicsPope Leo XIV's AI Encyclical Matters More Than Christians Think
4is prayer effectiveIs Prayer Effective? What the Bible Says About Prayer and God's ResponsePractical Protective Measures
Churches can take several concrete steps to reduce vulnerability.
Establish a verification protocol for financial requests. Any financial request that comes through phone, text, email, or video should require a second verification through a different channel. If a voice message appears to come from the pastor requesting an emergency transfer, the response is always to call the pastor's known number directly before acting. This single step defeats most fraud attempts.
Brief your most vulnerable congregants. Older congregants who may receive phone calls are the most common targets for voice-clone fraud. A brief, non-alarmist conversation about the fact that scammers can fake voices and that the church will never make urgent financial requests by phone provides the frame people need to pause and verify.
Audit your public audio and video footprint. Any pastor who has substantial audio or video available online has already provided enough material for voice cloning. This does not mean removing content. It means understanding that the material exists and building verification systems that account for it.
Create a church-wide safe word or code system. Some families use a family safe word for emergencies. Churches can do the same. A code word or phrase known only to trusted leaders can be requested in any communication that seems off. A deepfake will not know it.
Post clear anti-fraud guidance. A brief statement on the church website, in the bulletin, and communicated verbally: the church will never request urgent donations by phone or unverified video, and any such request should be verified through the church office before any action is taken.
The Pastoral Response
When a deepfake incident does occur, or when the congregation learns that this threat exists, the pastoral response matters enormously.
Acknowledge the reality directly and without alarm. Congregants who hear about deepfake fraud from the news and wonder whether it could happen at their church are better served by a clear, calm word from their pastor than by silence. Name the threat, explain what protections are in place, and invite anyone with questions or concerns to reach out.
Maintain the community's trust posture. The goal is not to make the congregation suspicious of every communication. The goal is to build verification habits that protect the community's generosity, not replace it with caution. Discernment and generosity are not opposites. A church that knows how to verify a request can give more freely, not less, because its members know they are not being manipulated.
The shrewdness Jesus calls for in Matthew 10:16 is in service of the innocence, not a replacement for it. That combination is what protects a church community without making it cold.
Your weekly faith & AI brief.
Scripture, reflection, and the AI news that matters for Christians. Free, every week.
Read this week’s issueHow Deepfake Fraud Has Specifically Targeted Religious Communities
Religious communities have characteristics that make them attractive targets beyond the general trust environment already described.
Sermon archives are publicly available voice samples. Most churches post audio and video of sermons online. These archives provide exactly the training material needed for a voice clone. The pastor of a church with ten years of sermon recordings has unknowingly made the raw material for their own clone widely available. This is not a reason to remove sermon archives; the evangelistic value far outweighs the risk. It is a reason to build verification systems that account for it.
Giving culture creates a warm reception for financial appeals. Churches with strong generosity cultures, where members are formed to respond to needs quickly and without excessive skepticism, are more likely to respond to a fraudulent appeal that mimics an urgent pastoral request. The virtue of generosity becomes a vulnerability when there are no structural safeguards around it.
Elderly members are the most targeted demographic. Voice-cloning fraud disproportionately targets older adults, who are less likely to be familiar with the technology and more likely to trust a voice they recognize. In churches with significant elderly populations, this demographic is worth briefing specifically.
Trust in pastoral authority is genuine. A congregation that has a genuine, healthy relationship with its pastor will respond to apparent communications from that pastor. That trust is worth protecting, not eroding, which is why the solution is verification systems rather than suspicion of every communication.
Comparing Vulnerability and Protection Levels
| Church characteristic | Vulnerability | Protective measure |
|---|---|---|
| Large online sermon archive | Higher (more voice data available) | Mandatory secondary verification for financial requests |
| Strong giving culture | Higher (faster response to appeals) | Clear policy: no urgent financial requests by phone or unverified video |
| Significant elderly membership | Higher (less familiarity with deepfakes) | Specific, non-alarmist briefing for older members |
| Centralized financial authorization | Lower (fewer people can authorize) | Ensure those people have verification protocols |
| Church-wide fraud awareness | Lower | Annual brief update on current threats |
The goal of this comparison is not to rank churches by vulnerability but to identify which specific measures address which specific risks.
What to Do After an Incident
Despite preparation, incidents can still occur. If a church is targeted by deepfake fraud:
If money was transferred: Contact your bank immediately; many wire transfers can be recalled within hours. File a police report and an FBI Internet Crime Complaint Center (IC3) report. Document everything.
If no money was lost: Still document and report. The attempt may be useful to law enforcement tracking patterns. Alert your congregation so members are prepared if they receive similar calls.
Pastoral response to your community: Address it directly and without excessive alarm. Explain what happened, what protections are now in place, and what to do if members receive suspicious communications. People who hear about the incident from their pastor are better positioned than people who hear about it through rumor.
Review and update your protocols: A near-miss is a free lesson. Use it to strengthen whatever gap the fraudsters exploited.
What This Comes Down To
- Voice-cloning fraud targeting churches is documented and growing. The technology barrier is now low enough that any pastor with an online sermon archive has provided sufficient material for a convincing clone.
- The most effective defense is simple: mandatory secondary verification through a separate channel before any financial action is taken on any urgent request.
- Churches should brief their most vulnerable members, specifically older adults, in a calm and non-alarming way. They already face disproportionate targeting by this type of fraud.
- Discernment and generosity are not opposed. A church with good verification habits can give more freely, not less, because members know they are not being manipulated.
Frequently Asked Questions
How much audio does a scammer need to clone a pastor's voice?
Current voice-cloning technology can produce convincing results with as little as three to five minutes of audio. Any pastor whose sermons are available as a podcast, on YouTube, or archived on the church website has already provided more than enough. The solution is not to remove sermon audio but to build verification practices that make voice alone insufficient authorization for financial decisions.
What should a church treasurer or administrator do if they receive an urgent request that seems to come from their pastor?
Stop and verify through a separate channel before taking any action. Call the pastor's personal cell phone number directly (not any number provided in the message), send a text, or walk to their office. If you cannot reach them, do not act until you can. Any legitimate emergency can wait the few minutes it takes to verify. If a request insists you act immediately without verification, treat that insistence itself as a warning sign.
Should churches stop publishing sermon audio and video to protect against voice cloning?
No. The pastoral and evangelistic value of online content far outweighs the voice-cloning risk, and removing content would not eliminate the risk since older recordings remain available. The right response is robust verification protocols, not content restriction. Treating all urgent financial requests with mandatory secondary verification defeats the attack regardless of how realistic the voice clone sounds.
