Greedy and careless
As others have pointed out, there are many ways to sanitize documents' metadata. I imagine someone was wise to this a while before he was caught and needed to set up a trap to get evidence that it really was him.
If he hadn't continued, and received much less than $6M, he would have likely gotten away with it. Big-company accounting rounds on 5-digit numbers for the most part. It takes a big purchase or something way out of line to even trigger someone batting an eyelash. The medium-ish company I work for routinely writes multi-million dollar checks to vendors and service providers, and small invoices could be slipped in between these without anyone saying anything.
The other very important thing to remember is this...forensic accountants live for this stuff. Once they get wind of something worth investigating, they will not let it go until they find the root cause. So, it would be possible for someone to get away with a scam like this for years, especially if he just set himself up as a reseller and skimmed profits off the real equipment being delivered. It's just not possible forever. It's more possible if you have someone on the inside in purchasing helping you (or in this case, if you get to approve invoice payments yourself.)
Biting the hand that feeds IT
