The Latest Phishing Attack: Fake Government Grants


Cybercriminals are always taking measures to be one step ahead of small business owners, so you need to arm yourself with as much information about the latest threats as possible. Small business owners are prone to phishing threats especially when it comes to Fake Government Grants.

Phishing entails email, phone calls, mobile and web ads, and other means of getting people to turn over log-ins and other credentials. Phishers are always trying to improve how their fake pages and emails look so that people who accidentally open them will click links. Even the smartest and best-intentioned person can easily fall victim to a phishing scam.

Lately, small business owners have been falling prey to a business grant scam currently proliferating on Facebook.

Facebook Fake Government Grants Scam: Real vs. Fake Small Business Grants

There are real legitimate grant programs designed for small business owners through programs such as SBIR/TT (Small Business Innovation Research and Technology Transfer) that offers funding opportunities from federal agencies. State-level programs may also offer startup assistance for new business owners. You can find an exhaustive list of grants currently accepting proposals at

Business grant programs require that owners submit a proposal and follow guidelines: you’re never going to hear directly from these grant programs through social media just bluntly offering you money. You won’t be contacted about government grants from the agencies through a Facebook ad or a “friend” talking to you. A real-life friend could tell you about a grant program, but they won’t try the following.

The Federal Trade Commission has recently received a rash of reports that social media spoofing, Facebook messages in particular, is being used to tell small business owners about small business grants. Phishers claim that recipients won a business grant or were eligible for funding. They asked for “confirmation” for the grants which means the scammer wants your cell number and other identifying information which eventually leads to handing over your passwords or paying “application fees”. Users opened them because it looked like the messages came from Facebook friends.

You’re never going to hear directly from these grant programs if you are not an active applicant. Most people are aware of this scam and have reported it, but victims are disproportionately older small business owners who rely heavily on social traffic and are less mindful of social media spoofing.

Telltale Signs of a Phishing Attack

Phishing attacks come in many forms such as phone scams and robocalls, email fraud, and social media spoofing. Here’s what a phishing attempt looks like.

  • The message is rife with syntax and spelling errors.
  • You will be asked to contact a specific agency, number, or email because you “won something” or are “eligible” for a grant, bonus, or other large sum of money.
  • The signature sounds like an institution that doesn’t actually link to a real website.
  • Copypasta: scammers often copy and paste entire copyrights, disclaimers, logos and so on without formatting it to look like the rest of the email.

Staying on Top of Phishing Threats

Preparing yourself and keeping your employees aware of phishing threats is of utmost importance for your business, whether you need to prevent another attack or haven’t been attacked yet. Here’s what you can do:

  • Use enterprise-grade email and software systems. These programs often have more safeguards in place than basic versions.
  • Never open attachments in emails where you’re not 100% sure who the sender is.
  • Invest in anti-phishing training. Global Learning Systems offers a comprehensive anti-phishing training course adaptable for organizations of all sizes, to help your employees stay on top of phishing threats.

Global Learning Systems can keep you one step ahead of hackers and phishers. Contact us today to learn more about how we can keep your organization secure and aware.

What Can You Do?

GLS knows that your employees’ cybersecurity awareness should not stop when they leave the office at the end of a workday. The principles they learn as part of their training at work should be extended to protecting personal data so that good habits are practiced 24×7 to reinforce positive behaviors and prevent phishing attempts.
As part of our Human Firewall 2.0 program, Global Learning Systems offers courses for prevention of online scams in:

GLS Logo

Enjoying our cybersecurity blogs?

Try out our weekly security awareness tips, sent directly
to your inbox.
GLS Logo

Your download is complete!

Need more training?