PERAC Memo #1 - 2022: Fraud Attempt

Fraud Attempt

Summary

This memo alerts all retirement boards to an attempted cyberattack in which a fraudster impersonated a board administrator to obtain funds from the board's custodian. Boards are directed to implement secondary confirmation measures — including phone verification — for all financial and investment transactions, and to treat any messages expressing urgency or requesting wire changes with heightened scrutiny. PERAC urges boards to share the memo with their investment providers and immediately review transaction protocols.

Full Text

TO: All Retirement Boards

FROM: John Parsons, Esq., Executive Director

RE: Fraud Attempt

DATE: January 6, 2022

Please be aware that PERAC was today informed of an attempted cyberattack against a Retirement Board, initiated in the past day. A fraudster impersonated a Board Administrator seeking funds from the Board's custodian. Fortunately, the attempt was thwarted by due diligence on the part of the board and its custodian. Law enforcement has been notified and is investigating.

As a result, please take extra caution with all financial and investment activity. A secondary form of confirmation, including a phone call, should be used in all redemption and transfer transactions. Be critical of any messages expressing urgency or changing customary wire practices. Clearly, extra confirmatory steps and scrutiny should be implemented by boards and their investment service providers in all financial transactions going forward.

Today's actions in notifying PERAC promptly allow us to notify law enforcement and retirement boards immediately and highlight the importance of such a notification process. We would ask that you also provide this memo to your investment providers and review protocols around all transactions.

Thank you for your continued efforts and diligence in this area. Please contact us with any questions.