- Executive Summary
The Department of Homeland Security did not comply with the Improper Payments Elimination and Recovery Act of 2010 (IPERA) because the Department did not meet two of the six requirements. Specifically, the Department omitted the percent of recaptured amounts from the Other Information section in its Agency Financial Report and did not meet its annual reduction target established for one of eight programs deemed susceptible to significant improper payments.The Department also did not comply with Executive Order 13520, Reducing Improper Payments, because DHS did not make available to the public its Quarterly High-Dollar Overpayment report for the second quarter of fiscal year 2018.Report NumberOIG-19-43Issue DateDocument FileFiscal Year2019
- Executive Summary
DHS expanded the Insider Threat Program from monitoring user activity on its classified networks to monitoring cleared and non-cleared employees’ activity on unclassified networks. We initiated a project to determine Insider Threat Program progress in monitoring, detecting, and responding to malicious insider threats on unclassified DHS systems and networks. Before continuing its planned expansion of the Insider Threat Program, DHS needs to address several deficiencies that may hinder program effectiveness and efficiency. Although the expanded program was approved in January 2017, the Office of the Chief Security Officer has yet to revise, obtain approval for, and reissue required documentation.Report NumberOIG-19-42Issue DateDocument FileFiscal Year2019
- Executive Summary
This report presents the results of KPMG LLP’s (KPMG) work conducted to address the performance audit objectives relative to the Audit of Department of Homeland Security’s Fiscal Year 2017 Conference Spending. KPMG performed the work during the period of September 18, 2017 to August 30, 2018, and our scope period for testing was October 1, 2016 through September 30, 2017. KPMG LLP (KPMG) found that DHS management has policies and procedures over conference spending and reporting, improvements are needed. KMPG made seven recommendations to improve conference spending reporting.Report NumberOIG-19-39Issue DateDocument FileFiscal Year2019
For Information Contact
Public Affairs 202-981-6000
For Immediate ReleaseDownload PDF (89.81 KB)
The U.S. Department of Homeland Security (DHS) Office of Inspector General (OIG) is issuing this fraud alert to warn citizens of recent reports that publicly available law enforcement telephone numbers, including those of DHS OIG Field Offices, are being used in a two-part spoofing scam targeting individuals throughout the country.
Part 1: The perpetrator befriends a victim using a mobile app that has a built-in chat feature, such as Facebook Messenger or Words with Friends. Alternatively, the perpetrator feigns romantic interest and pursues the victim through online dating services or chat rooms. After gaining the victim’s trust through the online relationship, the perpetrator describes a minor hardship and persuades the victim to send them a small amount of money.
Part 2: The next day, the victim receives a phone call from a fraudster claiming to be an employee of DHS or another law enforcement organization. The fraudsters will spoof the caller ID of a legitimate law enforcement phone number. The fraudster tells the victim that the funds they provided the day before went to a criminal organization or terrorist group, such the Islamic State in Iraq and Syria (ISIS) or Al-Qaeda, and threatens them with arrest and imprisonment. They then direct the victim to contact a “lawyer” who can help them resolve the matter. The victim contacts the “lawyer” via email or phone and is instructed to pay them $1,000 or more via check, wire transfer, or other methods as a “retainer.”
DHS OIG takes this matter very seriously. While we investigate the situation, we remind the public that law enforcement and other U.S. Government numbers may be subject to spoofing. Individuals receiving phone calls from these numbers should not provide any personal information. Legitimate law enforcement callers will never ask you to pay fines over the phone or request money from you. If there is a question about the validity of a call, we encourage the public to call the relevant field office number of the government agency and ask to be put in touch with the individual who called you.
Anyone who believes they may have been a victim of this scam is urged to call the DHS OIG Hotline (1-800-323-8603) or file a complaint online via the DHS OIG website www.oig.dhs.gov. By asking the perpetrators for a phone number or email address you can use to contact them to facilitate payment, you may be able to obtain valuable information that could assist DHS OIG investigate the scam.
You may also contact the Federal Trade Commission to file a complaint and/or report identity theft.
- Executive Summary
We determined that DHS' information security program for Top Secret/Sensitive Compartmented Information intelligence systems is effective this year as the Department achieved “Level 4 – Managed and Measurable” in three of five cybersecurity functions, based on current reporting instructions for intelligence systems. However, we identified deficiencies in DHS’ overall patch management process and the Cybersecurity and Infrastructure Security Agency’s weakness remediation and security awareness training activities.
We made one recommendation to the Office of Intelligence and Analysis and two recommendations to the Cybersecurity and Infrastructure Security Agency to address the deficiencies identified. DHS concurred with all three recommendations.Report NumberOIG-19-34-UNSUMIssue DateDocument FileOversight AreaKeywordsFiscal Year2019