Fraud Alerts and Best Practices

As part of the Office of Inspector General fraud prevention program, we provide fraud alerts detailing common fraud schemes and patterns identified through our investigative program that affect the LSC grantee community. We aim to help increase grantees’ awareness of fraud and abuse trends that may pose a risk to LSC funds by summarizing the schemes and providing recommendations, including best practices, sample policies, and proper procedures for fraud prevention.

Fraud Alerts and Other Guidance

Hotline Advisory: Protecting Your Organization Against Business Email Compromise and Payroll Fraud Schemes (June 13, 2023)

In a continuing effort to assist Legal Services Corporation (LSC) grantees and subgrantees in detecting and preventing cyberattacks, the Office of Inspector General (OIG) for LSC is issuing this Hotline Advisory to notify grantees of two recent Business Email Compromise (BEC) frauds perpetrated against LSC grantees. In this advisory, the OIG provides updates on BEC schemes and emerging BEC threats as well as details on how the two recent direct deposit BEC schemes were perpetrated on LSC grantees. We also offer best practices for detecting and preventing BEC schemes, such as the recent BEC payroll schemes and others, and provide grantees with the Federal Bureau of Investigation’s (FBI) guidance on reporting BEC schemes. Taking action to protect yourself against these threats will help you mitigate financial, cybersecurity, and reputational risks.

Hotline Advisory: StopRansomware.gov – Ransomware Threat Resource (March 20, 2023)

In a continuing effort to assist Legal Services Corporation grantees and subgrantees in preventing cyberattacks, the Office of Inspector General is issuing a Hotline Advisory to notify grantees of a U.S. Government resource and initiative aimed at protecting American businesses and communities from ransomware attacks.

Fraud Alert: Diversion of Clients for Legal Services (March 07, 2023)

The Office of Inspector General for the Legal Service Corporation (LSC) recently completed a significant investigation involving a diversion of clients for legal services scheme at an LSC grantee. Client diversion occurs when a grantee employee, contractor, or volunteer diverts clients seeking free legal assistance from the grantee to themselves or an associate for personal gain.

Hotline Advisory: Recent Phishing Attacks — Intuit QuickBooks Alert (August 29, 2022)

As part of its Hotline Advisory Alerts, the Office of Inspector General (OIG) for the Legal Services Corporation (LSC) is notifying grantees with the following information on recent phishing/malware attacks on businesses that use Intuit QuickBooks. We understand that some LSC grantees use QuickBooks.

Security notices from Intuit advised of several cybercrime phishing schemes against QuickBooks users. In a notice dated May 25, 2022, Intuit warns of one scheme where the user is told by the perpetrator that a temporary hold was placed on their account pending verification of account information. In a notice dated April 28, 2022, Intuit warns of another scheme where the perpetrator confirms receipt of payment by the user for a fake invoice. The messages then direct the account holder to click on a link or to complete verification, resulting in the downloading of malware or offer a phone number where scammers are prepared to extract valuable personal or financial data from the caller.

Hotline Advisory: Outside Employment During Remote Work (May 11, 2022)

The Office of Inspector General (OIG) for the Legal Services Corporation (LSC) is informing you of a recent case involving an attorney who was employed simultaneously (full-time) at two different LSC funded programs. The attorney did not disclose the dual employment to either grantee in violation of grantee policies.

Hotline Advisory: BEC Schemes Targeting Grantee Financial Institutions (February 18, 2022)

The FBI defines BEC schemes as scams that target businesses that regularly perform wire transfers by compromising official email accounts in an attempt to conduct unauthorized fund transfers. This recent BEC scheme is the first reported scheme that has identified and targeted an LSC grantee’s financial institutions in order to gain unauthorized access to their accounts (including both banking and investment accounts).

Fraud Alert: Prompt Reporting of Potential Fraud Indicators to the OIG (September 20, 2021)

The OIG recognizes that many grantees implement strong internal controls in your programs. This Fraud Alert is being issued to grantees to inform you of fraud indicators uncovered by OIG investigations since 2018 and to highlight the importance of grantee employees alerting the OIG to potential indicators of fraud, waste, and abuse of program funds. In doing so, the OIG intends to help prevent your program from being a victim of fraud.

Recent Increase in Check Fraud Scams Hotline Advisory (August 25, 2021)

The OIG has been investigating check fraud scams affecting grantees for nearly a decade. However, of late, these scams have been occurring more frequently and have become more sophisticated.

Hotline Advisory on Recent Phishing and Randsomware Attacks (July 13, 2021)

The LSC OIG is issuing this advisory to remind grantees of the threat posed by phishing schemes and ransomware attacks, and to alert you to recent schemes targeting LSC grantees. One recent phishing scheme involved an email that was sent to a grantee employee containing a link embedded with malware. The phished employee clicked the link, which allowed the perpetrator to gain access to the system and encrypt all the program's data.

Hotline Advisory: Grantee Mitigates Impact of a Ransomware Attack (May 06, 2021)

Ransomware attacks are on the rise for all types of industries. Common causes of ransomware attacks include spam or phishing emails, employees being deceived, weak passwords and related access management issues, and employees accessing malicious websites.

Special Fraud Advisory - Business Email Compromise Scheme (December 14, 2020)

The OIG believes that the LSC community is at risk of being targeted by BEC schemes. We ask grantees to make their employees aware of the known threat and provide them with the resources included in this advisory.

Ransomware Attacks Fraud Alert (October 02, 2020)

The OIG Hotline has recently received several reports of ransomware attacks directed at grantee IT networks. The perpetrators of these attacks exploited weaknesses in grantees’ IT infrastructure to disrupt grantee access to data, financial records, and sensitive client information, or to disable servers and back-up servers, pending payment of a ransom.

Payroll Fraud and Timekeeping (September 01, 2020)

This Fraud Alert provides information obtained through OIG investigations involving payroll fraud, which generally occurs when employees wrongfully manipulate a payroll system to receive payments they have not earned.

Local Travel (March 07, 2019)

(Fraud Alert)

Unauthorized Outside Practice of Law (July 31, 2018) (Fraud Alert)

Grantees’ Prompt Reporting of Potential Fraud Indicators (March 28, 2018) (Fraud Alert)

Outside Employment (August 09, 2017) (Fraud Alert)

Computer Warning Banner (May 30, 2017) (Fraud Alert)

Client Trust Accounts (October 19, 2015) (Fraud Alert)

Subgrant Capstone Report (October 01, 2015)

(Capstone Report)

Single Audit Information Service (June 01, 2015)

LSC OIG Alert Calls for Effective Conflict of Interest Policies

Conflict of Interest Policy (April 22, 2015) (Fraud Alert)