Tech scammer who fooled Cisco, Microsoft and Lenovo out of millions jailed for more than seven years

Networking giant alone taken for $3.5m


A scammer who convinced some of the world's biggest tech businesses to send him replacement kit has been sentenced to seven years and eight months in the US prison system.

Justin David May, 31, used stolen hardware serial numbers, a plethora of fake websites and online identities, social engineering tactics, and a network of associates, to scam Cisco out of nearly $3.5m in hardware in just 12 months.

Microsoft lost 139 Surface laptops (retail cost $364,761) to the crook, with Lenovo US also losing 193 replacement hard drives worth $143,000, and APC (formerly American Power Conversion) getting scammed out of a few uninterruptible power supplies. May pleaded guilty to 42 counts of mail fraud, 10 counts of money laundering, three counts of interstate transportation of goods obtained by fraud, and two counts of tax evasion.

“May and his co-conspirators undermined the warranty process which exists to support honest consumers. They profited from this complex scheme while defrauding these companies and the federal government,” said Michael Driscoll, special agent in charge of the FBI's Philadelphia division.

“Through the hard work and collaborative efforts of the FBI and IRS, this sentencing sends the message to those who seek to make a profit through fraud and deception, that this conduct bears significant consequences.”

In the largest scam against Cisco, run from April 2016, according to court documents [PDF] filed in a federal district court in Pennsylvania, May and his cohorts set up web domains and email addresses to mimic cisco.com user IDs and harvested serial numbers of legit machinery.

They then used these details to trick Cisco staff into sending out replacements for kit the crooks didn't actually own, such as a Cisco Catalyst 3850-48P-E Switch worth around $21,000 at the time, and a couple of Cisco ASR 9001 routers priced at over $100,000 for the pair. The fraudsters thus made off with the new gear and the supposedly broken equipment that was being replaced was never seen by the tech giant.

Systemic failings

The same scam worked well for Microsoft and Lenovo too, it seems. The court docs note that May was skilled at picking imaginary faults that weren't repairable via a remote connection or software update, and instead seemed serious enough to warrant a replacement unit. In addition, his crew digitally altered images of their supposed kit and serial numbers to fool support staff.

Once the hardware was received, usually via UPS or FedEx, the companies never got the faulty kit back because it never existed. Meanwhile the packages were picked up, sold on eBay and other second-hand sites, and the cash pocketed, or in the case of Microsoft, some of the hardware shipped to Singapore for resale.

These weren't overly sophisticated crooks: May deposited some checks in his personal account, although he also used check-cashing shops to get hard currency. The Feds say some of this was used to obtain a 2017 BMW Coupe, and a large amount of cash was found at his home.

The key to the scam appears to have been persistence and tailoring. It took hundreds of support requests to get the kit, and the hit rate was surprisingly high. In Cisco's case, 368 false warranty claims worked at least 252 times, and with Lenovo, 216 ThinkPad hard drive warranty claims were made, only being turned down 23 times.

“Warranties are designed to make consumers whole by replacing faulty products, not to be exploited by scammers looking to turn an illegal profit,” said acting US attorney Jennifer Williams.

“Warranty fraud is not a victimless crime; rather, companies which support employment for thousands of workers stand to lose millions of dollars, which was the case here. The defendant’s scheme caused real harm, which is why he will now spend many years behind bars as punishment for his actions.” ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2021