Florida woman imprisoned for massive Microsoft license fraud scheme
Bleeping Computer
by Sergiu GatlanMarch 2, 2026
AI-Generated Deep Dive Summary
A Florida woman, Heidi Richards, has been sentenced to 22 months in prison and fined $50,000 for running a large-scale scheme involving the theft and trafficking of Microsoft Certificate of Authenticity (COA) labels. These labels are used to authenticate software and include unique product keys that activate Microsoft products like Windows and Office. Richards, who operated an e-commerce business called Trinity Software Distribution, was involved in a years-long operation where she and her accomplices purchased tens of thousands of genuine COA labels from a Texas-based company between 2018 and 2023. Instead of selling the labels with the software they were intended to accompany, Richards instructed her team to extract the product key codes manually and sell them separately to customers worldwide.
The scheme was lucrative but illegal, as federal law prohibits the sale of COA labels without being affixed to the software or hardware they authenticate. By extracting and reselling these keys, Richards allowed customers to activate Microsoft products without a legitimate license. This practice created an illicit market for standalone COA labels, which can be used to bypass licensing requirements. The investigation revealed that Richards’ team wired over $5 million to their supplier while profiting from the sale of stolen product keys.
This case highlights the importance of enforcing intellectual property laws and underscores the risks associated with buying software licenses outside official channels. Microsoft COA labels are legally meant to accompany specific products, and removing them creates opportunities for fraud. The prosecution, led by Assistant U.S. Attorney Risha Asokan and trial attorney Jared Hosid from the Computer Crime and Intellectual Property Section (CCIPS), demonstrates a continued effort to combat cybercrime and protect software licensing systems. With over
Verticals
securitytech
Originally published on Bleeping Computer on 3/2/2026