TL;DR: Public grant announcements can turn recipients into targets, with one city losing more than $4 million via email after funding became visible, according to Abnormal AI. The security lesson is that public-sector funding disclosures expand the attack surface before organisations can harden identity, mail, and payment controls.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should organisations respond when public funding announcements increase email fraud risk?
A: Organisations should treat public funding announcements as a trigger for tighter verification, not just as communications news.
Q: Why do public grant announcements make phishing and impersonation more effective?
A: Public announcements tell attackers who has money, who is likely to be contacted, and when staff may expect urgent follow-up.
Practitioner guidance
- Create a grant-announcement response playbook: Define extra verification steps for finance, procurement, and executive assistants whenever funding announcements become public.
- Harden mailbox identity checks: Enforce display-name review, sender authentication, and anti-impersonation controls on mailboxes that can approve or reroute payments.
- Restrict payment authority during publicity windows: Limit who can approve urgent transfers or account changes during the period immediately after a grant announcement.
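One way to turn the mailbox identity checks above into a triage rule, as an added example that is not from NHIMG or Abnormal AI. The roster, names, addresses, domains, and finding labels are all constructed, and the DMARC check assumes the `Authentication-Results` header is written by your own mail gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed roster: display names of staff who can approve or reroute
# payments, mapped to their one legitimate address.
PROTECTED = {"dana reyes": "dana.reyes@city.example"}

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def review_message(raw):
    """Return a list of findings for one RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []

    # Display-name review: a protected name on an unexpected address.
    expected = PROTECTED.get(re.sub(r"\s+", " ", name).strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name-impersonation")

    # Sender authentication: assumes Authentication-Results was written by
    # your own gateway, which strips any copy supplied by the sender.
    m = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""), re.I)
    if not m or m.group(1).lower() != "pass":
        findings.append("dmarc-not-pass")

    # Replies routed to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != _domain(addr):
        findings.append("reply-to-domain-mismatch")
    return findings

# Constructed sample messages.
LURE = (
    "From: Dana Reyes <dana.reyes@city-example.test>\n"
    "Reply-To: payments@mailbox.test\n"
    "Authentication-Results: mx.city.example; spf=pass; dmarc=fail\n"
    "Subject: Updated bank details for grant disbursement\n\n"
    "Please update the account before Friday.\n"
)
LEGIT = (
    "From: Dana Reyes <dana.reyes@city.example>\n"
    "Authentication-Results: mx.city.example; spf=pass; dmarc=pass\n"
    "Subject: Grant disbursement schedule\n\nSchedule attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("legit", LEGIT)):
        print(label, review_message(raw))
```

A message with any finding that also requests a payment or bank-detail change should go to out-of-band verification rather than being actioned from the mailbox.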
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- Scenario walkthroughs showing how threat actors use public grant announcements to select victims and craft email lures.
- Threat-type breakdowns that distinguish the most dangerous patterns for grant recipients in practice.
- Practical guidance on securing grant funding workflows and strengthening cybersecurity posture before payment requests arrive.
- ISC2 CPE-eligible webinar format for teams that need a structured internal learning session.
Grant funding announcements: what they mean for security teams
Explore further
Public grant announcements create a fraud preview window. When funding becomes visible, attackers no longer need to guess which organisations will receive money or when staff will be under pressure. That changes the threat from opportunistic phishing to timed impersonation against a known target set. Practitioners should treat disclosure events as an input to identity and communications risk, not just as external publicity.
A few things that frame the scale:
- Cybercriminals stole more than $4 million in funding dollars from a single city government, all via email, according to LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
A question worth separating out:
Q: Who is accountable when grant-related email fraud results in stolen funds?
A: Accountability usually sits across finance, communications, and identity governance because the attack succeeds through a handoff failure. If the organisation publishes funding information without adjusting approval controls, or if the recipient process allows unilateral payment changes, the control gap is organisational rather than purely technical.