A Microsoft employee was charged this week for stealing $10 million over the course of two years from the company. How did he do it? Believe it or not, it wasn’t that hard.
According to court documents, the employee, a 26-year-old Ukrainian named Volodymyr Kvashuk, worked as an engineer for the technology giant. His main job was to test Microsoft products, specifically by placing mock online orders to make sure the system was running as designed.
Of course, Kvashuk was unable to receive any of the fake orders he placed for testing purposes. But he noticed a flaw: He could place a real order for a virtual gift card and that gift card would then be sent to his test account. Ka-ching! He could then use the gift card as real money to purchase Microsoft products.
And purchase he did. He used his store credit to buy software subscriptions and other Microsoft items, including hardware. But that’s kind of boring, right? So naturally, the intrepid Kvashuk grew bolder. He figured out how to cash out his store credit into Bitcoin — which Microsoft’s online store accepts — and then convert the digital currency into hard cash using online exchange service Coinbase. This is not rocket science.
Oh, then he bought a Tesla and waterfront property, and that’s no so boring at all!
So how was the scheme uncovered? Court documents don’t say specifically, but it appears that as the need to cover his tracks became more urgent, Kvashuk started using the credentials of fellow employees that he was able to access from a shared worksheet to move money out and around to his own account. And of course, I’m surmising that people noticed the Tesla, as well as other signs of him living beyond the means of a typical engineer. People probably got suspicious, and those suspicions turned into an investigation. In the end, he was sentenced to nine years and ordered to make restitution.
Now, you may be wondering how this could happen to one of the world’s biggest technology companies, one that employs thousands of the best and the brightest and can well afford to implement the tools and internal controls necessary to avoid being embezzled. That’s a good question, and I’m pretty certain there are more than a few internal auditors at Microsoft who are being flogged. But enough about them. What’s even more important is if Microsoft can so easily get embezzled out of $10 million by one guy working out of a cubicle in Washington state, what about your little business?… Entreprenure