Why Non-profits Are Prime Targets
Non-profit organizations are disproportionately targeted by grant scammers for several reasons that fraudsters have identified and exploit systematically. First, non-profits are perpetually resource-constrained — they need funding, they know they need funding, and the arrival of an apparently promising grant opportunity can bypass the critical evaluation that would normally apply to a financial transaction. Second, non-profit staff are often overworked, making careful verification of every communication difficult. Third, many non-profits operate with limited financial oversight and internal controls, making it easier for a successful fraud to go undetected or produce irreversible consequences before anyone realizes what has happened. Fourth, non-profit directories, grant databases, and sector publications make it easy for scammers to identify and research target organizations — including details about their programs, leadership names, and the types of funding they typically pursue.
The "You've Been Selected" Email
The most widespread grant scam format is the unsolicited award notification. These emails typically come from addresses mimicking real foundations (using domains like "ford-foundation-grants.org" rather than "fordfoundation.org") and inform the recipient that their organization has been selected for a grant based on a nomination or an evaluation of public information about their work. The email congratulates you, names a specific grant amount (often $50,000 to $500,000 — large enough to be exciting, small enough to seem plausible for a first-time award), and requests that you contact a "grants manager" to begin the "release process." When you contact them, you will be informed of various fees that must be paid before the funds can be transferred. Once fees are paid, additional fees emerge. The cycle continues until the victim refuses to pay more or runs out of money.
Fake Government Grant Portals
A more technically sophisticated variant involves the creation of convincing fake government grant portals — websites that closely mimic the visual design of real government funding platforms like Grants.gov, the EU's PADOR, or national government grant portals. These sites are often found through paid search advertising that appears above legitimate results when organizations search for grant applications. They may require you to "register" using your organization's tax ID, bank account information, and administrator credentials — all of which are then used for identity theft or unauthorized financial transactions. Always access government funding portals by typing the official URL directly into your browser or bookmarking the verified official site. Never access government portals through links in emails or through paid search advertisements.
The Impersonation Call
Some grant scams involve phone calls from individuals claiming to be program officers at major foundations or government agencies. They may reference real details about your organization — your executive director's name, your recent program work, the types of funding you've applied for — obtained from your website, annual report, or grant databases. The call informs you that you've been identified as a strong candidate for a specific grant and asks you to provide financial information to begin the "pre-qualification process." Real program officers occasionally make introductory phone calls, but they never ask for financial account information, routing numbers, or payment authorizations over the phone. If you receive a call from someone claiming to represent a major funder and requesting financial information, end the call and independently verify the funder's real phone number before calling back.
Internal Fraud: The Threat Within
Not all grant fraud originates externally. Internal fraud — by staff, volunteers, or board members with access to grant funds and financial systems — is a significant and often underdiscussed risk for non-profits. Common internal fraud patterns include phantom vendor schemes (fake invoices for services never rendered), expense report fraud (inflated or fabricated reimbursements), payroll fraud (ghost employees or inflated hours), and grant fund diversion (redirecting restricted grant funds to unauthorized uses). The risk of internal fraud increases in organizations with weak financial controls, limited segregation of duties, inadequate board financial oversight, and cultures that discourage questions about financial management. Strong internal controls — requiring dual signatures on payments above a threshold, conducting regular bank reconciliations, having independent audits, and maintaining a confidential reporting mechanism for financial concerns — are your primary defenses against internal fraud.
Recovery and Reporting
If your non-profit has been victimized by a grant scam, act immediately. Contact your bank or payment processor at once — some wire transfers can be recalled if reported within the first 24 to 72 hours. File a report with your national fraud reporting authority (the FBI's Internet Crime Complaint Center in the US, Action Fraud in the UK, or equivalent agencies elsewhere). File a report with the Internet Crime Complaint Center regardless of your country, as many grant scams operate internationally. Notify the legitimate organization being impersonated — foundations and government agencies actively want to know when their identity and branding are being misused, and they may be collecting information to support legal action against the fraudsters. Inform your board immediately, as they have a fiduciary duty to know about significant financial risks or losses. And consider whether your current financial controls and staff training are adequate to prevent future incidents.
