Welcome to the
Fraud of the Day Website!

Fraudsters Need To Retire Too!

Income-IncomeFraud-IncomeTaxes-18
Senior Director of Strategic Alliances
LexisNexis Risk Solutions - Government

When Quincy Retirement Board Executive Director Lisa McBirney announced in late 2020 she would leave her job as the end of that year she asked all essential parties involved with the Quincy Retirement Fund to make necessary changes for the transfer of responsibility. But apparently no one did that and now the city’s information technology department, retirement board and a manager for Aberdeen Standard Investments have all been blamed for the $3.5 million theft from Quincy’s pension system.

The theft originated on February 18, 2021, months after McBirney left her role, when someone used her still-active email address to send a request to Aberdeen Standard Investment to pull some funds, explaining that the Quincy pension systems “needed some liquidity for investments purposes “. In reality, that investment went right into the fraudsters own pension plan! The Aberdeen representative and the fraudster exchanged several follow-up emails that resulted in the investment manager agreeing to process a $3.5 million fraudulent transfer to an overseas account in Hong Kong. Maybe ask why not a bank in Quincy next time?

The Quincy Retirement Board did not review the trade confirmation notice that Aberdeen sent on April 5, 2021, until October 25, 2021- three days after the city of Quincy notified the state commission that it had discovered the unauthorized transfer by Aberdeen. That gave our fraudster eight months to slowly disappear.

Who is to blame? This is not a trick question! All parties involved could have taken basic steps to prevent the fraud, to detect it sooner. Following city issued policy, the retirement board left McBirney’s email address active after she left to ensure remaining staff could access necessary information, despite industry practices calling for deactivating the accounts of departed employees.  The board also did not update its list of authorized signers- those who can approve transactions- for several months after McBirney left. And none of the banks appeared to be using multifactor authentication software, probably the simplest way to bolster any organizations resilience against fraud and risk.

Kudos to McBirney for leading by example. She seems to be the only one who did her job.

Today’s Fraud of the Day is based on an article “Cybertheft Drained $3.5M From Quincy Retiree Fund” published NBC News Boston on October 20, 2022

The retirement board for thousands of Quincy, Massachusetts, city employees, its investment partners and a bank all missed multiple warning signs or precautionary steps that could have prevented a bad actor from fraudulently transferring millions of dollars overseas, investigators concluded in a report that underlines the cybersecurity risks hanging over the public sector.

Months after the Quincy Retirement Board’s executive director left her role, someone used her still-active work email address in February 2021 to request and execute a $3.5 million transaction from investment manager Aberdeen.

Related Articles

Get Your Fraud Fix!

Five days a week wake up to the most current fraud article in your inbox

Contact Us

Thank you for your interest in Fraud of the Day. For more information, please complete the following form.
To receive the most current fraud articles direct to your inbox, click the Subscribe button above.

"*" indicates required fields

Hidden
Would you like to subscribe to our Blog?
We respect your privacy.
This field is for validation purposes and should be left unchanged.

SUBSCRIBE TODAY

Fill out the form below to receive the Daily Fraud Highlight, the Weekly Fraud Summary or both. Thank you for your interest in FraudoftheDay.com.

"*" indicates required fields

Name*
Subscription Type*
This field is for validation purposes and should be left unchanged.