Agencies collaborated to recapture $10.3 million owed to Chester Upland School District

Chester, PA — Pennsylvania Treasurer Stacy Garrity and Delaware County District Attorney Jack Stollsteimer have announced the results of a long and complex investigation into the attempted theft of millions of dollars in state aid from the Chester Upland School District (CUSD). The scheme involved hacked email accounts, a Florida resident enticed into a romance scam, and crypto currency – all in an elaborate effort to steal and then launder millions in state aid intended for the CUSD.

“My highest priority is serving as a fiscal watchdog to protect taxpayer funds,” Treasury Garrity said. “That includes taking every possible step to prevent fraud. In this case, my team and I were pleased to work closely with District Attorney Stollsteimer and others to recover $10.3 million for the Chester Upland School District. This incident should serve as a reminder to everyone – government agencies, businesses, nonprofits, and ordinary citizens – to always be on the alert for cybercriminals and fraudsters.”

“Thanks to quick action by the Treasurer’s office, this audacious attempt to steal from the school children of Chester and the taxpayers of the Commonwealth was thwarted,” said District Attorney Stollsteimer. “The scope and complexity of the scheme are, however, alarming and remind us all of the importance of keeping our technology protected, as well as the perils of conducting financial transactions with – or on behalf of – individuals unknown to you.”

“The Chester Upland School District is very pleased that $10 million of the $13 million that was intercepted from the District has been recovered and returned to the District,” said Nafis J. Nichols, receiver for CUSD. “At the same time, we are hopeful that the additional missing $3 million that the District was to receive in state funding will be returned to Chester Upland. Our District faces significant economic challenges, and we are doing our best to allocate as much money as possible to our classrooms and to providing adequate and appropriate staffing. An additional $3 million can make a significant difference for our students. We are also exploring our options with our insurance carrier.”

In February 2021, the Treasurer’s office was advised by one of its banking partners that a payment request for about $8.5 million from the Pennsylvania Department of Education (PDE) was flagged as being potentially fraudulent. This came after several other payment requests from PDE had already been processed and paid to an account thought to belong to CUSD. Treasury worked quickly to identify misdirected funds, alerted the proper agencies of their findings, and pursued a recall of the misdirected payments. As a result of that quick response, Treasury was able to recapture about $10.3 million in misdirected funds.

Detectives Edward Silberstein and Detective Sergeant Joseph Hackett from the Delaware County Criminal Investigation Division (CID) uncovered a complex, two-part scheme that allowed international fraud rings to misdirect the state education funds intended for CUSD.

CID detectives identified that, in the first part of the scheme, CUSD email systems had been compromised by a sophisticated hacker. The hacker then used the compromised CUSD email account to forward a bank account change to PDE, thereby diverting future PDE payments intended for the school to the account specified by the hacker.

Further investigating the channels of the misdirected funds, CID detectives determined that the second part of the scheme employed the use of a money mule to funnel the misdirected funds to other individuals. Money mules are people who, at someone else’s direction, receive and move illegally acquired money.

CID identified, tracked down and interviewed a Florida resident who served as the money mule in this case. Through that investigation, it was determined that the individual, recently widowed, had fallen prey to a romance scam. At the direction of her supposed love interest, the widow moved money through her accounts to individuals overseas through bank transfers and the purchase of cryptocurrency. In reality, the love interest was nothing more than a fictitious personality with a narrative that snared the widow on an online dating platform. The widow was then coached on how and when to move the stolen funds through bank accounts and into cryptocurrency, thereby completing the sophisticated theft of PDE funds that began with the email hack at CUSD.

“By using a widow as a conduit, and by directing that funds be transferred using cryptocurrency, the individuals behind this scheme obscured their identity and made tracing the funds far more complex. However, by working collaboratively with the state’s fiscal watchdogs, we were able to prevent criminals from obtaining $10.3 million intended for our school children,” District Attorney Stollsteimer said. “Our investigation has determined that this scheme is tied to individuals in Nigeria, and we have alerted all relevant federal authorities in furtherance of the international investigation.”

Shortly after the Treasury learned of these fraudulent payments, a system designed to detect suspicious transactions and prevent fraud was implemented in the Governor’s Budget Office’s Bureau of Payable Services of Comptroller Operations. Account Verification System (AVS) is a fraud prevention tool that can help catch similar fraudulent transactions and would have likely raised concerns and stopped the fraudulent payment requests from being sent to Treasury in the first place.

As part of the Fiscal Code approved alongside the 2022-23 state budget, Treasury was authorized to implement AVS for all Treasury payments. Within 18 months of the law taking effect, every agency, board or commission for which Treasury makes payments will choose an approved vendor to use for its payments. Treasury will update the list of approved vendors every two years.

“This truly was a team effort and could not have been possible without the help of the Delaware County District Attorney’s office and its detectives, the Bureau of Payable Services Office of Comptroller Operations, and the staff at Treasury,” Treasurer Garrity said.

The FBI has published online guidance about “money mules” and “romance scams.”  A money mule is someone who transfers or moves illegally acquired money on behalf of someone else. Romance scams occur when a criminal adopts a fake online identity to gain a victim’s affection and trust in order to use the illusion of a romantic or close relationship to manipulate and/or steal from the victim.

If an online contact or companion, whom you have never met in person, asks you to receive money and then forward these funds to one or more individuals you don’t know, you may be a money mule and/or the victim of a romance scam. If this happens to you, you should:

  • Immediately report any suspected activity to your banking institution and the FBI at a local field office or an FBI Internet Crime Complaint Center (IC3) at ic3.gov if you believe you are a money mule or the victim of a romance scam. Immediate reporting may allow you to claw back fraudulently transferred funds.
  • Criminals often target students, those looking for work, or those on dating websites, but anyone can be approached to be a money mule.
  • Never share your personal financial or banking information with anyone and be especially cautious with anyone you meet through work-from-home job opportunities, dating sites, and social media sites. Legitimate people and companies do not ask you to transfer money through your personal bank accounts on their behalf.

 

Media contacts:

Samantha Heckel, Press Secretary (Treasury), 717-418-0206 or sheckel@patreasury.gov
Margie McAboy, Director of Policy and Public Engagement (Delaware County District Attorney’s Office), 610-579-0429 or McAboyM@co.delaware.pa.us