Avoiding Fraud Targeting Grant Funds

Grant recipients need to be aware of the rise in social engineering and phishing scams targeting organizations, including OSBM grant recipients. These fraudulent schemes are designed to mislead and trick people into diverting grant funds by impersonating contractors, suppliers, or even employees. These scams can take many forms, such as fake emails, phone calls, or fraudulent invoices designed to manipulate recipients into providing sensitive information or making unauthorized payments.  

Below is OSBM's guidance to our grantees on avoiding these scams and what to do if they fall victim to fraud.

How to Avoid Fraud

1. Verify All Communication: Always verify requests for payment or changes in payment details directly with the contractor or vendor. Do not rely solely on email or phone calls. Use official contact information from your contract, vendor list, or previous communications.
2. Scrutinize Emails: Be cautious of unsolicited emails, especially those that ask for urgent action or contain attachments or links. Check the sender’s email address carefully, as it may be slightly altered to resemble a legitimate address. Do not open attachments or click on links unless you are absolutely sure of the sender’s identity.
3. Confirm Invoice Details: Before making any payments, verify that the invoice details, including the amount, vendor information, and bank account details, match previous communications. If anything seems off or unexpected, contact the vendor directly using a trusted contact method (not from the email or phone number on the invoice).
4. Double-Check Payment Instructions: If you receive a request to change payment instructions or bank account information, take extra steps to verify the request. Contact the vendor directly through a trusted and verified method such as vendor list, or contract information to confirm the change before proceeding with the transaction.  DO NOT use any contact information provided in the communications to request a change since its most likely links back to the fraudsters and not the real vendor.

What to Do if Your Organization Falls Victim to a Scam

1. Act Immediately: If you believe you have fallen victim to a phishing or social engineering scam, do not wait to take action. The quicker you respond, the better the chances of limiting the damage.  
2. Contact Your Financial Institution: Immediately notify your bank or financial institution of any unauthorized transactions. They may be able to stop or reverse the payment if it is caught in time.
3. Report to OSBM: As soon as you suspect fraud, please notify our office at NCGrants@osbm.nc.gov. We can provide guidance and involve the State Bureau of Investigation.
4. File a Report: If necessary, report the incident to the appropriate authorities, such as local law enforcement or the Federal Bureau of Investigation, and follow up with your bank to ensure they are taking the necessary steps.

It is crucial that all employees involved in managing grants or financial transactions are fully aware of the risks associated with phishing scams. Employees must understand that any changes to payment details, including electronic wire transfers or banking information related to contractors, suppliers, or vendors, should never be made based solely on an email or phone call. Always verify such requests through trusted contact information, such as that provided in contracts, official vendor lists, or other secure sources. This extra step of verification helps prevent fraud and ensures the integrity of financial transactions.

Resources to Learn More 

• Federal Bureau of Investigations video: Protected Voices: Social Engineering 
• The Coyle Group Insurance: What is Wire Transfer Fraud
•  KTLA: Protecting yourself from wire transfer scams

Please remain vigilant and take immediate action if you suspect any fraudulent activity. Should you need any assistance or have questions, please contact us.