Securities Industry Commentator by Bill Singer Esq

May 6, 2021
Some eight years ago, two Raymond James reps decided to work together. Apparently, a goal of the work relationship was to facilitate the contemplated retirement of one of the reps. Then someone may (or may not have) jumped offsides, and the ball was fumbled during the lateral, and then an offensive player picked up the fumbled ball and ran it in for a score -- looking at the field of play, however, we got one ref walking off five yards for an offsides penalty but we got another ref with raised arms calling a touchdown. Same play. Same game. Two different calls.
A federal jury in the United States District Court for the Western District of North Carolina found Donna Graves, 58, guilty of conspiracy to commit wire fraud and money laundering conspiracy; and she was sentenced to 97 months in prison plus two years of supervised release. Co-conspirator Gerald Maxwell Harrison, 54, pled guilty to  wire fraud conspiracy, interstate transportation of stolen property, and money laundering conspiracy; and he was sentenced to three years in prison plus three years of supervised release. Graves and Harrison were ordered to pay, jointly and severally, $298,407.85 in restitution. Co-conspirator Elizabeth Robin Williams pled guilty to wire fraud conspiracy, interstate transportation of stolen property, and money laundering conspiracy and is  awaiting sentencing. As alleged in part in the DOJ Release:

According to filed court documents, evidence presented at Graves' trial and witness testimony, including testimony provided by Harrison, from January 2015 through September 2019, Graves, who was the ringleader of the criminal conspiracy, conspired with Williams and Harrison to engage in a scheme to defraud a victim identified in court documents as "K.T." The victim was an elderly widow who lived alone and suffered from dementia and other physical and mental challenges. During the relevant time period, Graves and her co-conspirators exploited K.T.'s vulnerabilities and defrauded the victim through a web of forged documents, lies, and deceptions.

According to evidence presented at Graves' trial, beginning in 2014, Graves and Williams provided housekeeping services for the victim through a business owned and operated by Graves. Over the course of the scheme, the co-conspirators isolated the victim from her friends and family, induced the victim to give them power and control over her personal affairs, and fabricated a power of attorney purporting to give Graves and Williams control over the victim's financial affairs. Once they gained access and control, Graves, Williams, and Harrison moved the victim out of her residence in Indian Land, South Carolina, first to an apartment in Charlotte, and later to a rental home in Mint Hill, refusing to let the victim's friends and family know where she was living. 

According to court records and trial testimony, Graves, Williams, and Harrison engaged in numerous illegal and unauthorized financial transactions that substantially depleted the victim's money and property. Specifically, the co-conspirators emptied the victim's bank accounts and used the money to pay for personal expenses, and "maxed out" at least one credit card in the victim's name. The co-conspirators also fraudulently transferred or attempted to transfer the victim's Indian Land residence to themselves by creating a quit claim deed purporting to gift the residence to Harrison; they then attempted to sell the residence and intended to split the proceeds amongst each other. They also pawned the victim's jewelry, and they stole the victim's federal benefits. Additionally, Williams unlawfully used the victim's money to set up other businesses in her name, including a business selling handbags online and a business selling weight loss-related services. As a result of the fraudulent scheme, the co-conspirators defrauded the victim of approximately $300,000. 

According to court documents and information presented at today's sentencing hearing, over the course of the scheme, Graves and her co-conspirators failed to provide the victim with proper medical care, which greatly diminished the victim's health. Furthermore, once the victim's money was depleted, the co-conspirators abandoned the victim, who was later moved to a nursing home in New York, where she passed away in large part due to the mental and physical deterioration she had suffered in the hands of Graves and her co-conspirators.
Jordan K. Milleson, age 20, pled guilty in the United States District Court for the District of Maryland to aggravated identity theft, and he was sentenced to two years in prison plus one year of supervised release, and ordered to pay $34,329.01 in restitution. As alleged in part in the DOJ Release:

According to his plea agreement, since at least September 23, 2017, Milleson was a computer "hacker" who accessed computers, networks, and electrometric accounts without authorization to perpetrate fraud schemes.  

As detailed in the plea agreement, between September 23, 2017, and July 29, 2020, Milleson set up Internet domains and fraudulent websites, designed to appear to be legitimate websites belonging to wireless providers, but which were intended to steal account credentials and enabled Milleson and his co-conspirators to access unsuspecting victims' electronic accounts without authorization. Milleson used techniques such as phishing and vishing to deceive victims into visiting the fraudulent websites and providing their credentials to access their electronic accounts.  Victims of phishing attacks were generally contacted by e-mail, phone, or text message by persons purporting to be from reputable companies in order to induce the victims to reveal confidential information.  Vishing is "voice phishing" where imposters use Internet phone services to trick victims into turning over critical financial or personal information over the phone. 

Milleson admitted that he and his co-conspirators used electronic account credentials stolen from employees and affiliates of wireless providers to access those companies' computer networks without authorization.  After obtaining access to these networks, Milleson took over individual victims' wireless accounts through "SIM swapping," whereby customers' mobile numbers, which are linked to unique subscriber identity modules ("SIM"), were instead linked to a SIM installed in a device controlled by Milleson or his co-conspirators.  Once Milleson gained control over the victims' mobile phone numbers, he was often able to also gain unauthorized access to the victims' other electronic accounts, including e-mail, social media, and cryptocurrency accounts.  Milleson and his co-conspirators changed the passwords to the accounts to prevent the victims from accessing their own accounts.                  

As detailed in the plea agreement, Milleson used stolen account passwords to take over social media accounts of Victim 1 and Victim 6, both of whom had thousands of followers and had monetized their accounts through sponsored links, product placements, and product reviews.  Milleson changed the email address and password of the accounts, preventing Victim 1  and Victim 6 from accessing their accounts, and posted material to the victims' accounts without their authorization.  As a result of the takeover Victim 6 lost all of their followers on one of their social media accounts and was unable to advertise to them, losing their "brand deals," the proceeds of which had been used to pay for college tuition, transportation, and groceries.

Milleson also admitted that, using a fraudulent website hosted at the domain Milleson registered, Milleson stole the login credentials of Victim 2, an employee of a third-party retailer for a wireless provider, who had access to the wireless provider's computer networks. Milleson and others used the credentials of Victim 2, to gain access to the provider's computer network system and execute SIM swapping attacks, taking control of the wireless calls and text messages sent to the accounts of Victim 3, Victim 4, and Victim 5..  This swapping attack resulted in the transfer of approximately $19,029.48 in digital currency from accounts belonging to Victim 3 and Victim 5.  In addition, Victim 4 had a social media account with a two-character username, coveted by other social media users for its uniqueness and simplicity. On about June 25, 2019, Milleson took unauthorized control of Victim 4's social media account. On January 25, 2020, Victim 7's mobile phone stopped working as a result of a SIM swapping attack. Soon thereafter, Victim 7's personal email password was reset without authorization. An unauthorized user then accessed Individual Victim 7's account on a digital currency exchange and stole digital currencies worth approximately $12,300 at the time.

On June 26, 2019, a co-conspirator anonymously called the Baltimore County Police Department and falsely reported that he, purporting to be a resident of the Milleson family residence, had shot his father at the residence.  During the call, the co-conspirator, posing as the purported shooter, threatened to shoot himself and to shoot at police officers if they attempted to confront him.  This call was a "swatting" attack, a criminal harassment tactic in which a person places a false call to authorities that will trigger a police or special weapons and tactics (SWAT) team response-thereby causing a life-threatening situation. 

Following his indictment, Milleson's home was searched on June 29, 2020.  Review of the devices seized from Milleson at that time showed that they were used to complete two-factor authentication password resets for several digital currency account and contained login credentials and passwords belonging to Individual Victims 1 and 6.  Investigators also recovered incriminating messages between Milleson and his co-conspirators that detailed the group's methodology of account infiltration and cryptocurrency theft.
There's Raymond James Financial Services, Inc. There's Raymond James & Associates, Inc. You even got the Raymond James Stadium. That's a lot of Raymond Jameses -- that's a lot of Ray Jay. Sometimes having a number of subsidiaries and affiliates share a name in a big organization is a good thing. It's called branding. On the other hand, sometimes re-using a brand can cause confusion. Finally, a federal appellate court tries to explain that what's temporary (as in a restraining order) may prove to be a somewhat unappealing bit of permanence.
Imagine that you got a stockbroker. Imagine that you got an elderly customer. Imagine that the client drafts a Will. Now imagine how the intersection of the stockbroker and customer could raise all sorts of troubling issues and how difficult it becomes to police potential misconduct or prevent abuse. What's the best regulatory approach? What's the best compliance policy? What happens when a customer sincerely wants to bestow a benefit upon a stockbroker via a bequest? What if the stockbroker never had a clue? What if the stockbroker did?