Connect with us

The Online Technology

IT exec sets up fake biz to scam his employer out of $6m – Naked Security

Security Watch

IT exec sets up fake biz to scam his employer out of $6m – Naked Security


The years 2015 through 2019 were sweet for an IT services and product outfit calling itself Interactive Systems.

It submitted 52 invoices to a global internet business in Manhattan for a slew of stuff: 10 servers here, 16 servers there, 3 firewall devices, plus fat setup fees for all of it.

Funny thing about those invoices, though: four of them were submitted as Microsoft Word documents. The metadata for all four of the Word docs pointed to the same author: an IT boss working for the internet company being billed.

That IT exec’s name is Hicham Kabbaj, and on Friday, he pleaded guilty to one count of wire fraud for having set up a shell company and billing his employer for firewalls and services that “Interactive Systems” never actually installed.

To make it all perfectly circular, Kabbaj even addressed the invoices to himself.

As prosecutor Scott McNeil described in court filings, from around August 2015 through to around April 2019, Interactive Systems submitted approximately 52 invoices to “Company-1”. Once Company-1 paid up, Kabbaj would slide the cash on over to his own bank account – a scam that netted him a cool $6 million.

The last payment he got his hands on was in May 2019. After that, investigators spoke with two of Kabbaj’s colleagues.

One of them was a datacenter employee who worked under Kabbaj. “Employee-1” was in charge of Company-1’s datacenters since sometime in 2016, including being in charge of purchases during the time that Kabbaj was working for the company. Employee-1 told the Feds that he never purchased the firewall devices described in a March 2018 invoice, nor in a February 2019 invoice. Ditto for the 10 servers listed in an April 2019 invoice.