A scammer who convinced some of the world’s biggest tech businesses to send him replacement kit has been sentenced to seven years and eight months in the US prison system.
Justin David May, 31, used stolen hardware serial numbers, a plethora of fake websites and online identities, social engineering tactics, and a network of associates, to scam Cisco out of nearly $3.5m in hardware in just 12 months.
Microsoft lost 137 Surface laptops (retail cost $364,761) to the crew, with Lenovo US also losing 137 replacement hard drives worth $143,000 and APC (formerly American Power Conversion) getting scammed out of a few uninterruptible power supplies. May pled guilty to 42 counts of mail fraud, 10 counts of money laundering, three counts of interstate transportation of goods obtained by fraud, and two counts of tax evasion.
“May and his co-conspirators undermined the warranty process which exists to support honest consumers. They profited from this complex scheme while defrauding these companies and the federal government,” said Michael Driscoll, special agent in charge of the FBI’s Philadelphia division.
“Through the hard work and collaborative efforts of the FBI and IRS, this sentencing sends the message to those who seek to make a profit through fraud and deception, that this conduct bears significant consequences.”
In the largest scam against Cisco, run from April 2016, according to court documents [PDF] filed in eatern district court of Pennsylvania, May and the team set up domains and email addresses to mimic cisco.com user IDs and harvested serial numbers of legit machinery.
They then used these to trick Cisco into sending out replacement kit, such as a Cisco Catalyst 3850-48P-E Switch worth around $21,000 at the time, and a couple of Cisco ASR 9001 routers priced at over $100,000 for the pair.
Systemic failings
The same scam worked well for Microsoft and Lenovo too, it seems. The court docs note that May was skilled at picking imaginary faults that weren’t remotely repairable, such as basic software issues, but which were more obvious as serious flaws needing a replacement unit. In addition the crew digitally altered images of their supposed kit and serial numbers to fool support staff.
Once the hardware was received, usually via UPS or FedEx, the companies never got the faulty kit back because it never existed. Meanwhile the packages were picked up, sold on eBay and other second-hand sites, and the cash pocketed, or in the case of Microsoft, some of the hardware shipped to Singapore for resale.
These weren’t overly sophisticated crooks – May deposited some checks in his personal account, although he also used check cashing shops to get hard currency. The Feds say some of this was used to drive a 2017 BMW Coupe, and a large amount of cash was found at his home.
The key to the scam appears to have been persistence and tailoring – it took hundreds of support requests to get the kit, but the hit rate was surprisingly high. In Cisco’s case, 368 false warranty claims worked at least 252 times, and with Lenovo 216 ThinkPad hard drive warranty claims were made, only being turned down 23 times.
“Warranties are designed to make consumers whole by replacing faulty products, not to be exploited by scammers looking to turn an illegal profit,” said acting US attorney Jennifer Williams.
“Warranty fraud is not a victimless crime; rather, companies which support employment for thousands of workers stand to lose millions of dollars, which was the case here. The defendant’s scheme caused real harm, which is why he will now spend many years behind bars as punishment for his actions.” ®
0 Comments