Tiburon Nanny Arrested for $60,000 Credit Card Fraud

Naghmeh Novbakhtian, a 35-year-old San Francisco resident, was arrested on March 31, 2026, at San Francisco International Airport for allegedly stealing over $60,000 from a former employer in Tiburon. Novbakhtian utilized a credit card intended for childcare expenses to fund international travel and luxury purchases after her employment ended in December 2025.

This isn’t just a story of a betrayal of trust; it is a textbook case of failed internal controls. When a household or a business grants authorized access to capital without a rigorous offboarding process, they create a window of extreme financial vulnerability. The gap between the termination of employment on December 11, 2025, and the discovery of the fraud in late March 2026 represents a critical failure in asset oversight. For high-net-worth individuals and corporate entities alike, this highlights the urgent need for fraud prevention services that automate the revocation of financial access the moment a contract expires.

The Anatomy of an Unauthorized Spending Spree

The scale of the misappropriation was not a gradual leak but a dramatic surge. According to the Tiburon Police Department, the victim was only alerted to the crisis when her credit card company flagged a “dramatic and unauthorized increase in spending.” This suggests the suspect waited until the employment relationship had cooled before initiating the bulk of the fraudulent activity.

The spending profile reveals a deliberate attempt to fund a luxury lifestyle. Novbakhtian allegedly used the card for:

• International airline tickets issued in her own name.
• Stays at luxury hotels.
• Cosmetic and spa services.
• Various retail purchases and ride services.
• Direct electronic payments transferred to accounts associated with the suspect.

The total estimated loss exceeds $60,000. From a forensic accounting perspective, the most egregious element is the utilize of direct electronic payments. This indicates a level of intent that goes beyond impulsive spending; it is a systematic extraction of liquidity.

Trust is not a financial control.

The Enforcement Gap and the SFO Takedown

The timeline of the investigation shows a calculated evasion by the suspect. When Tiburon Police met with the victim on March 26, 2026, to investigate the fraud complaint, Novbakhtian was already outside the United States. This international flight was not a coincidence—it was the result of the incredibly funds she had allegedly stolen.

The resolution came through strategic patience. Investigators tracked her travel schedule and coordinated with federal authorities to ensure she was detained the moment she touched down at San Francisco International Airport at 6:50 a.m. On March 31, 2026. This precision in timing prevented a further extension of the “spending spree” and secured the suspect before she could disappear back into the San Francisco population.

The legal fallout is now escalating. The Tiburon Police Department has forwarded the case to the Marin County District Attorney’s Office. The suspect faces felony charges for grand theft and fraud. However, the investigation is expanding. Detectives are currently examining whether Novbakhtian is linked to other crimes, including a previously reported residential burglary. This suggests a potential pattern of criminal behavior that extends beyond simple credit card fraud.

The Macro Risk: Why Internal Controls Fail

This case serves as a cautionary tale for any entity employing domestic staff or contractors with access to corporate or personal accounts. The “access gap”—the time between an employee’s departure and the cancellation of their financial privileges—is where the most significant losses occur. To mitigate these risks, organizations must implement a strict “Zero Trust” architecture for financial permissions.

The current landscape of financial liability suggests three primary ways these trends are changing how high-net-worth individuals and businesses manage their staff:

• Mandatory Offboarding Checklists: The transition from “trusted employee” to “former employee” must include an immediate, documented audit of all digital and physical financial access points. Failure to do so often results in the need for forensic accountants to trace lost funds after the fact.
• Real-Time Alerting Systems: Relying on a credit card company to eventually flag “dramatic increases” is a reactive strategy. Proactive management requires per-transaction alerts and hard spending caps on all secondary cards.
• Comprehensive Background Vetting: Given the police investigation into a related residential burglary, the importance of deep-dive background checks cannot be overstated. Firms are increasingly turning to corporate legal counsel to draft employment contracts that include stricter indemnity clauses and financial accountability.

The financial damage in this case was $60,000, but the reputational and emotional cost of a breach of trust within a home is immeasurable.

The Bottom Line on Asset Protection

As we move into the next fiscal quarters, the trend of “lifestyle fraud” is becoming more sophisticated. The use of electronic payments to personal accounts, as seen in the Novbakhtian case, shows a shift toward digital asset misappropriation that can happen in seconds. The only defense is a rigid system of checks and balances that removes the human element of “trust” from the equation of financial access.

Whether you are managing a household staff or a multinational corporation, the vulnerability is the same: an open line of credit with no oversight. The goal is to move from a reactive posture—waiting for the police to make an arrest at SFO—to a proactive posture where the fraud is impossible to initiate.

For those looking to fortify their internal controls or recover lost assets, the World Today News Directory provides a curated gateway to the world’s leading risk management consultants and legal experts who specialize in financial recovery and fraud prevention.