Click here for important updates to our privacy policy.
CRIME

How Red Lion borough lost $65,000 to a phishing scam — and how you can protect yourself

Portrait of Anthony Maenza Anthony Maenza
York Dispatch

An Indiana woman faces felony charges in connection with an alleged phishing scheme that resulted in the theft of more than $65,000 from Red Lion borough, police say.

Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals or organizations to reveal personal information. According to the Federal Trade Commission, Pennsylvanians lost $224 million to scammers in 2023 — although that estimate is likely lower than the actual figure given the fact that such crimes often go underreported.

In Red Lion, the theft was discovered in May 2024, prompting a Pennsylvania State Police investigation. Robbie Ann Golston-McNair, 51, was ultimately charged with receiving stolen property and engaging in financial transactions with the knowledge that the property was obtained via unlawful activity. 

Traffic along South Main Street in Red Lion Borough, Thursday, Feb. 9, 2023. Dawn J. Sagert photo

Red Lion Borough Manager Michelle Poole said the borough was fortunate to be insured and was able to recover the funds stolen. Poole said that the borough employees that were in place when the phishing scheme took place are no longer with the borough.

>> Please consider subscribing to support local journalism.    

Poole, who was assistant borough manager at the time, said she was only a peripheral observer when the phishing scheme happened. 

“I can tell you that I remember the previous treasurer saying, ‘I’ve got to pay this bill and they're not taking a check’ and the manager and her discussing it," she said, "and her rushing off to the bank. Then, the next thing I knew, I found out it was a phishing scheme.” 

Red Lion Borough Hall

Poole said borough officials were as shocked as anyone when they saw on social media that authorities had found the person who is allegedly responsible. She said investigators had not informed the borough about any progress made in the investigation. 

“At this point, if they get the money back, it will be paid to the insurance company and not to us,” she said. 

Since Poole started as borough manager, safety meetings are held and safety training is done monthly with borough personnel.

"Safety training includes cybersecurity," Poole said.

Borough personnel are trained on not only security pertaining to borough email accounts, but personal email accounts as well.

"All of us have to be cautious about everything we respond to," Poole said.

According to court documents, the borough had been ordered by a judge to pay the fees to Navarro & Wright Consulting Engineers Inc., who had been secured by the owner of a warehouse who claimed that a parking lot the borough built next to his warehouse had caused structural damage to the building. The engineers had been hired by the warehouse owner and the borough to examine the issue. The engineering company was represented by the law firm Siana Law and acted as a go between with the engineering company and the borough.  

Beginning on March 27, 2024, the borough had been in contact with someone via email saying they were with Siana Law and needed to collect on an invoice on behalf of Navarro & Wright. 

>> Please consider subscribing to support local journalism.    

Bank routing information was sent to the borough so that the wire transfer could be performed. On April 12, a wire transfer was completed to that bank account.  

When the borough emailed the real person at Siana Law, borough officials found the emails they were sent were not from the real person’s email and the borough may have been the victim of wire fraud. Siana Law confirmed with Navarro & Wright they had not received any payment from the borough on any invoices. 

The investigation found that the fraudulent emails sent to the borough were from an address that was slightly different from Siana Law’s email address. 

Between March 22 and May 29, emails were exchanged between both legitimate and fraudulent persons, with the fraudulent persons representing themselves as legitimate employees of Siana Law and Navarro & Wright Consulting Engineers Inc. in those emails. 

Further investigation found the registered mailing address for email domain of the fraudulent email accounts was in Iceland. The fraudulent email accounts for both Navarro & Wright and Siana Law had been registered on March 19, 2024. 

Investigators, using bank records, eventually traced Red Lion borough’s wire transfer to Golston-McNair’s bank account. 

A bank statement allegedly indicated that on April 12, a wire transfer for more than $65,000 was placed in the account. The statement also indicated more than $135,000 in deposits and more than $135,000 in withdrawals had allegedly been made between March and April. The rapid movement of large sums of money into and out of this account is indicative of money laundering activity, police say. 

Bank records allegedly indicated there were also other large sums of money going in and out of the account. 

In February of this year, investigators talked with Golston-McNair, who allegedly told them she was aware of the wire transfers going into the account. She told investigators via voicemail she wouldn’t talk to investigators without having an attorney present but left no information about her attorney.  

A letter was sent to Golston-McNair regarding the investigation on Feb. 25, but as of Thursday, March 20, no response had been received. 

Court records indicate the case against Golston-McNair is inactive.

According to the FTC, scammers often use email or text messages — often from institutions that the recipient knows or trusts — to steal passwords, account numbers or Social Security numbers.

>> Please consider subscribing to support local journalism.    

People can avoid getting scammed by looking for key indicators — even if the header appears to be from a company the recipient knows.

  • The message has a generic greeting.
  • The message says the account in question is on hold — for example, because of a billing problem or suspected fraud.
  • The message invites the recipient to click on a link to update payment details or make an emergency payment.
  • It's best practice to contact the institution directly if you're not sure if the message is from a scammer. Call the organization on a phone number you know is correct or log into the website without clicking on any links.

Here are some ways people can protect themselves from phishing, according to the FTC:

  • Protect your computer by using security software. Set the software to update automatically so it will deal with any new security threats.
  • Protect your cell phone by setting software to update automatically. These updates could give you critical protection against security threats.
  • Protect your accounts by using multi-factor authentication, which will force you to login in using a passcode, PIN or one-time verification code via a secondary device. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
  • Protect your data by backing it up. Back up the data on your computer to an external hard drive or in the cloud. Back up the data on your phone, too.

If you received a phishing email, you can forward it to the FTC's Anti-Phishing Working Group at reportphishing@apwg.org. Text messages can be forwarded to SPAM (7726). Phishing attempts can also be reported to the FTC at https://reportfraud.ftc.gov/.

Poole said she's glad the authorities were able to find the person responsible for the theft in Red Lion. 

“It’s so sad that these days everybody can fall victim to that stuff,” she said. “Every time I read a text or a message from that says it's from your bank or whoever, you say to yourself should I do that or not do that. It’s very sad.” 

>> Please consider subscribing to support local journalism.