Announcements Archive

As part of its Hotline Advisory Alerts, the Office of Inspector General (OIG) for the Legal Services Corporation (LSC) is notifying grantees with the following information on recent phishing/malware attacks on businesses that use Intuit QuickBooks. We understand that some LSC grantees use QuickBooks.

Security notices from Intuit advised of several cybercrime phishing schemes against QuickBooks users. In a notice dated May 25, 2022, Intuit warns of one scheme where the user is told by the perpetrator that a temporary hold was placed on their account pending verification of account information. In a notice dated April 28, 2022, Intuit warns of another scheme where the perpetrator confirms receipt of payment by the user for a fake invoice. The messages then direct the account holder to click on a link or to complete verification, resulting in the downloading of malware or offer a phone number where scammers are prepared to extract valuable personal or financial data from the caller.

After 14 years of service, supporting the mission of equal access to justice through independent, objective oversight, Inspector General Jeffrey E. Schanz retired in March. Mr. Schanz joined the Legal Services Corporation (LSC) Office of Inspector General (OIG) after nearly 32 years in the federal IG community. His contributions to LSC and our OIG, and his years of dedicated public service, are much appreciated.

The Office of Inspector General (OIG) for the Legal Services Corporation (LSC) is informing you of a recent case involving an attorney who was employed simultaneously (full-time) at two different LSC funded programs. The attorney did not disclose the dual employment to either grantee in violation of grantee policies.

On March 30, 2022, the Federal Bureau of Investigation (FBI) warned local governments and public services of continued ransomware attacks that have resulted in a disruption of operational services, risks to public safety, and financial losses. The FBI urges local governments and public services to take steps to prevent and recover from ransomware attacks. The OIG also believes that ransomware has been and will continue to be a threat to LSC grantees. As a result, the risks identified by the FBI in the Private Industry Notification (PIN) apply equally to other organizations such as nonprofit businesses. Please review this alert and the FBI warning to ensure that your program has taken the steps necessary to minimize operational disruptions in the event of a ransomware attack.

Nearly all LSC grantees make use of credit cards and/or purchase cards tied to individual retailers (Sam’s Club, Office Depot, and others) to facilitate the process of making recurring or one-time expenditures. Credit cards and purchase cards offer grantees many advantages and allow grantees to make purchases with ease and efficiency.

The FBI defines BEC schemes as scams that target businesses that regularly perform wire transfers by compromising official email accounts in an attempt to conduct unauthorized fund transfers. This recent BEC scheme is the first reported scheme that has identified and targeted an LSC grantee’s financial institutions in order to gain unauthorized access to their accounts (including both banking and investment accounts).

On November 8, 2021, as a result of a joint investigation by the U.S. Secret Service, and the Office of Inspector General (OIG), Legal Services Corporation (LSC), a former Information Technology (IT) Manager for an LSC grantee entered into a Pretrial Diversion Agreement (PDA) with the U.S. Attorney’s Office (USAO).

On December 6, 2021, in Superior Court, Orange County, CA, Luna and Cancino pled guilty to multiple counts of Grand Theft, one count of Theft of Personal Property, and one count of Unauthorized Practice of Law. Sentencing for Luna and Cancino is scheduled for June 6, 2022

The OIG recognizes that many grantees implement strong internal controls in your programs. This Fraud Alert is being issued to grantees to inform you of fraud indicators uncovered by OIG investigations since 2018 and to highlight the importance of grantee employees alerting the OIG to potential indicators of fraud, waste, and abuse of program funds. In doing so, the OIG intends to help prevent your program from being a victim of fraud.

The OIG has recorded a Cybercrimes Fraud Awareness presentation to inform grantees of the types of cyber-attacks that have targeted LSC grantees since 2018. The presentation provides grantees with best practices for preventing and detecting similar cyber-attacks and suggestions for responding to the cyber-attacks if they do impact your program.