A former Microsoft manager who acquired, registered and retired the company's Internet domain names was arrested Thursday and charged with stealing more than US$1 million from Microsoft, Expedia and a California company, federal prosecutors said.

Carolyn Gudmundson, 44, was indicted by a federal grand jury on 11 counts of wire fraud and seven counts of mail fraud. She faces up to 20 years in prison and fines of up to US$250,000 for bilking the three companies over a four-year period starting in 2000.

According to the indictment, Gudmundson, who was authorized to use a company credit card for domain name purchases, submitted expense reports to Microsoft accompanied by doctored receipts with inflated domain name prices. In some cases, she didn't provide receipts, but was still reimbursed by Microsoft for the amount she claimed in the expense reports.

Prosecutors also said Gudmundson had filed phony invoices with travel site Expedia.com for domain names that she had not paid for. She allegedly convinced a California domain-acquisition company, Marksman, that someone named GM Lossman was due money for the transfer of multiple domain names to Microsoft.

In the Expedia.com scam, Gudmundson took advantage of existing agreements between the travel site and Microsoft under which the latter had already paid for the domain names registered to Expedia. The Marksman swindle, said the indictment, was different: Gudmundson duped a manager there into sending the GM Lossman checks to her mother's mailing address, then cashed those checks.

Gudmundson was held in custody until a court appearance Friday afternoon, when she was released on her own recognizance. Arraignment is scheduled for December 13, where she will reportedly plead not guilty.