Hotline Advisory: Grantee Mitigates Impact of a Ransomware Attack
Ransomware attacks are on the rise for all types of industries. Common causes of ransomware attacks include spam or phishing emails, employees being deceived, weak passwords and related access management issues, and employees accessing malicious websites.
Retainer Fee Fraud Scheme
The Office of Inspector General (OIG) for the Legal Services Corporation (LSC) is informing you of a recent scam, attempting to obtain $3500 from a grantee client as a “retainer fee.”
The client received a letter in the mail, purportedly from the grantee. The letter contained the grantee’s logo at the top and instructed the client to remit payment to the grantee at a P.O. Box that is not affiliated with the organization. The client’s name, address, and case number were included within the letter. The grantee believes the client information was gained through media exposure for the case, as well as through information that is publicly available.
Email Scams Targeting LSC and LSC Grantees
The Office of Inspector General (OIG) has confirmed that the Legal Services Corporation (LSC) and at least two LSC grantees have recently been the target of business email compromise (BEC) scams. These scams resulted in the successful diversion of grant funds and gift cards to cyber-criminals. This threat is ongoing, and we have reason to believe that the cyber-criminals may be targeting additional LSC grantees. We therefore strongly encourage you to take immediate preventative steps, described in more detail below. The preventive steps include training your employees on BEC schemes and enhancing your internal controls and data security. Please share this fraud advisory with all employees to prevent the success of future scams in our community.
Special Fraud Advisory - Business Email Compromise Scheme
The OIG believes that the LSC community is at risk of being targeted by BEC schemes. We ask grantees to make their employees aware of the known threat and provide them with the resources included in this advisory.
Summary Results of Quality Control Reviews (QCRs) for FY2018 and FY2019 Financial Statement Audits
The information presented is a summary of the results of QCRs of Fiscal Year 2018 and Fiscal Year 2019 financial statement audits conducted by IPAs. We encourage IPAs and Executive Directors to use the summary information in planning and conducting audits of LSC grantees.
Ransomware Attacks Fraud Alert
The OIG Hotline has recently received several reports of ransomware attacks directed at grantee IT networks. The perpetrators of these attacks exploited weaknesses in grantees’ IT infrastructure to disrupt grantee access to data, financial records, and sensitive client information, or to disable servers and back-up servers, pending payment of a ransom.
Fraud Awareness Briefings
This recorded Fraud Awareness Briefing provides useful information to assist in preventing common fraud schemes found in grantee programs. The briefing aims to foster a dialogue with staff and to engender suggestions for ways to help protect your program from fraud in order to maintain the positive reputation your program has deservedly earned.
Payroll Fraud and Timekeeping
This Fraud Alert provides information obtained through OIG investigations involving payroll fraud, which generally occurs when employees wrongfully manipulate a payroll system to receive payments they have not earned.
ACH Transactions during COVID-19
OIG reviews have revealed that many LSC grantees have been using Automated Clearing House (ACH) transactions, in which payments are transferred electronically from one verified bank account to another. Previously, grantees’ degree of usage varied considerably from program to program.
Top Challenges Related to Covid-19 Emergency Relief and Response Efforts
The Pandemic Response Accountability Committee (PRAC), announced the release of the report entitled, “Top Challenges Facing Federal Agencies: COVID-19 Emergency Relief and Response Efforts” including a section on the Legal Services Corporation.