I agree - this is too basic a scam - what was needed is a tip off to scrunitise the transactions.
The prosecution merely stated that the author metadata was a match as part of proceedings.
This being the reason he was caught, as insinuated by the headline, appears to be a clickbait embellishment. There is no factual reference to the metadata being key to cracking the case from the investigators, this is the article author taking "creative" leeway.
If you read the actual filing, you will see that 'Employee-1' and 'Employee-2' indicated things were amiss with vendor mismatches and no equipment to show.
Perhaps even more damning, from the court records:
* "The only signatory on the Interactive Systems account is HICHAM KABBAJ, the defendant." and
* "the only withdrawals from the Interactive Systems account, other than maintenance fees, are transfers to two accounts at Bank-1 held in the name of KABBAJ ("Kabbaj Account-1" and "Kabbaj Account-2")"
They also traced who read and opened the invoice emails at the defraded company and it was only Kabbaj. They really did not need the metadata for this case.
So cheap clickbaiting I think to troll the microsoft haters.
It has worked, looking at the comments about Microsoft. BTW It isn't who the software is registered to, it is the current user, and you can happily clear the metadata.
It's like complaining that a file created in unix has the creators username and time attached - where is the privacy!! It even logs atime and mtime!!!
Shame about journalistic standards.