Gale Brewer has lengthy been one of many metropolis’s best-known elected officers.
In the summertime of 2022, she was beginning her second stint as a Metropolis Council member for the Higher West Aspect, after eight years as Manhattan borough president. Virtually all people concerned in civic issues had identified her for many years. At instances, she attended so many public conferences, it appeared she had the power to look in two locations directly.
After which at some point, she was.
Whereas Councilmember Gale Brewer was going about her metropolis enterprise, somebody purporting to be Gale Brewer requested a $32,980 mortgage from the pension fund for metropolis staff referred to as the New York Metropolis Employment Retirement System (NYCERS). The mortgage was authorized immediately, and the cash shortly transferred to an account listed as hers.
The true Gale Brewer had no concept this had occurred. And by the point NYCERS discovered they’d been scammed by some unknown miscreant masquerading as Brewer, it was too late.
The cash was gone.
“It was stunning,” Brewer informed THE CITY. “In the event that they hadn’t observed it, I’d by no means have identified, as a result of I by no means use that account. I’ve by no means touched it, and I’ve had it because the Seventies or 80s. Unexpectedly, there’s a big mortgage. I couldn’t consider it.”
Brewer was certainly one of 33 NYCERS pensioners whose accounts have been hacked since 2020 by grifters who managed to redirect pension checks or acquire rip-off loans, in keeping with Division of Investigation information obtained by THE CITY by way of the Freedom of Data Legislation.
The paperwork point out NYCERS authorized not less than $276,000 in bogus loans by way of 2022, with taxpayers footing the invoice. And the losses are anticipated to develop: DOI is investigating a dozen extra allegations of NYCERS fraud between 2023 and final 12 months.
In every case, the gateway for larceny was MyNYCERS, a portal arrange at the beginning of the pandemic to permit the 430,000 members of the nation’s largest municipal worker retirement system to handle their accounts on-line.
Amongst different options, the system permits members to replace dwelling and e mail addresses and beneficiaries, to reroute checks to totally different financial institution accounts and to use for loans. Nearly from the beginning, alarm bells started ringing about MyNYCERS’ potential vulnerability to theft.
DOI quickly “observed a regarding improve in tried fraud, significantly unauthorized entry to member accounts,” Ann Petterson, a senior inspector normal at DOI, wrote to the Brooklyn District Lawyer’s workplace.
Within the first three years of MyNYCERS, “DOI was notified of 21 situations wherein fraud occurred, leading to $270,000 in losses to town,” Petterson wrote in a June 2023 letter to then-NYCERS Govt Director Melanie Whinnery.
From 2023 by way of final 12 months, DOI has fielded a dozen extra fraud notices. DOI officers declined to quantify the losses from the latest fraud actions, saying they have been the topic of ongoing investigations.
In a single 2021 case, when a fraudster scammed a $95,000 mortgage, Petterson wrote to Whinnery, “Though the member didn’t undergo any monetary loss, (there was) an roughly $95,000 loss to town.”
That very same 12 months, one scammer obtained a $50,000 mortgage by way of the account of an $18-an-hour Division of Training college aide. One other pocketed a $50,000 mortgage by way of the account of a New York Metropolis Transit Authority employee.
Bogus Brewer
Councilmember Brewer’s saga started on March 25, 2022, when somebody claiming to be her known as NYCERS to say they have been having issues submitting a mortgage utility on-line. The caller later relayed to NYCERS that the system was now working, indicating they’d obtained the requested mortgage utility.
A couple of weeks later, the imposter tried a unique tactic, submitting a type on-line that requested Brewer’s pension funds be redirected to a GO2Bank cell account. NYCERS declined as a result of Brewer continues to be an energetic worker and was not but eligible to start accumulating her pension. A second try to vary financial institution accounts additionally was rejected.
Then on Might 1, a type was submitted designating an individual named “Heidie Perez” as a beneficiary of Brewer’s account. The tackle listed for the beneficiary was Brewer’s tackle, however the social safety quantity and beginning date belonged to Brewer’s husband. The cellphone quantity and e mail tackle on the shape have been fraudulent.
Regardless of these indicators of duplicity, on June 27, a mortgage utility was filed for $32,980 utilizing Brewer’s account. NYCERS transferred the requested quantity inside two days to an account at Areas Financial institution listed below Brewer’s title.
Per week later, NYCERS — for causes a spokesperson wouldn’t talk about with THE CITY — determined the mortgage obtained by “Brewer” was bogus, and tried to claw it again. By then, nevertheless, the checking account wherein the cash had been deposited was now practically empty, DOI information state.
Due to this breach, NYCERS suspended Brewer’s account, requiring her to offer documentation to confirm that the account’s exercise going ahead was professional.
“All I did was observe the instructions. You must freeze your account. You must go to the cops and get paperwork. It took hours,” she stated. “I needed to get a whole lot of issues notarized.”
NYCERS, she made a degree of claiming, “couldn’t have been nicer.”
Wrongdoer Nonetheless At Massive
DOI’s pursuit of the perpetrator, nevertheless, didn’t go so properly.
The IP tackle of an e mail linked to the Areas Checking account was tied to a metropolis Parks Division worker who informed DOI that her account had been hacked throughout a previous T-Cell information breach.
DOI subpoenaed Areas and located the account had been opened below the title Gale Brewer, however included a signature card with an e mail tackle and cellphone quantity that weren’t related to her. DOI then subpoenaed information from Microsoft and Apple, which related the tackle and cellphone quantity to a person in Tampa named Scobey.
In accordance with an inside April 2025 DOI memo, investigators couldn’t join the IP tackle utilized by that particular person on to the mortgage exercise, thus they couldn’t refer the case to prosecutors for prison prosecution.
In January 2024, DOI did refer six people who had been accused of ripping off the system to Brooklyn District Lawyer Eric Gonzalez, together with two who had every pocketed $50,000 loans. The DA declined to prosecute any of them.
Requested in regards to the lack of prosecution, spokesperson Oren Yaniv said, “We take any allegations of official misconduct very critically and investigated these issues completely, however jurisdictional and evidentiary points preclude prosecution.”
Faux Types
Final 12 months, Gonzalez did prosecute Gregory Mathieu, then an affiliate retirement advantages examiner assigned to the NYCERS pension verification unit. Mathieu was charged with diverting $624,000 from two deceased retirees to accounts he managed from February 2021 by way of January 2024.
DOI discovered that Mathieu had been in a position to reactivate the account of a Sanitation Division supervisor who died in 2018 by forging a handwritten type claiming to be from the deceased metropolis worker. This triggered NYCERS to authorize $225,000 in rapid retroactive funds, made in month-to-month installments of $99,999.
The primary installment robotically went to the checking account of the deceased sanitation employee that NYCERS had on file, however that account had been closed way back. Mathieu then arrange a web based account within the lifeless pensioner’s title, DOI discovered, and when checks issued by the comptroller have been returned, Mathieu switched to have the funds robotically transferred by way of MyNYCERS to the account electronically.
With a second pensioner who was nonetheless alive however who had stopped responding to NYCERS inquiries for a 12 months, prosecutors say Mathieu created a type directing that his month-to-month funds go to the identical account he’d created for the deceased worker by way of digital fund transfers.
Mathieu seems to have entered the company’s mailroom to surreptitiously place the shape in an envelope he then timestamped to make it look like it got here from the pensioner. DOI famous that NYCERS protocols don’t require account verifications for digital fund transfers acquired by mail.
Mathieu was sentenced in September to as much as 3 years in jail and agreed to pay $511,000 in restitution.
That very same month, DOI made 11 suggestions for reform, together with conducting audits of accounts suspended for greater than three years to make sure a member continues to be alive.
DOI information point out NYCERS accepted many of the suggestions absolutely, however solely partially accepted three ideas, together with one to develop inside fraud algorithms primarily based on threat indicators that alert workers to duplicate financial institution accounts and requests to high-risk banks.
In response to THE CITY’s questions, Rachel Assisi, deputy director for communications at NYCERS, declined to handle queries about particular accounts, together with Brewer’s.
“When NYCERS found a number of situations of fraudulent exercise in 2021, we notified DOI, who investigated these incidents,” Assisi stated. “Subsequent to those incidents, NYCERS proactively strengthened safety controls, which has resulted in a dramatic lower in fraudulent exercise.”
Assisi famous that the system is shifting to totally embrace all of DOI’s reforms, together with “implementing extra inside fraud algorithms and figuring out extra strategies to authenticate our shopper transactions.”
“NYCERS continues to collaborate with DOI and has applied the vast majority of their suggestions,” she stated.
