A finance executive of US toymaker Mattel fell victim to a phishing scam that fooled him into wiring $3 million to a Chinese bank.
Just when you thought phishing schemes couldn’t get trickier, you stumble on this story and can’t help thinking “Wow, that email must have been convincing!” Here’s why the scam worked:
- Good timing and credibility – it was signed by the recently appointed CEO, enough reason to say “yes, sir!”
- Protocols were met – the company rules on transferring funds required approval from two top-level managers.
- It requested a vendor payment in China, where Mattel does business. In fact, it owns the “House of Barbie,” a 6-floor flagship megastore on one of Shanghai’s busiest shopping boulevards.
After realizing it had been scammed, the company tried to stop the transfer with the help of the FBI and police forces. In a rare stroke of luck, the bank was closed for a national holiday, so the transfer didn’t go through. After the Bank of Wenzhou opened its doors again, the Chinese police froze the account and the company retrieved the money two days later.
“We hereby reiterate our appreciation,” Mattel wrote. “We also hope that this case can pave the way for future international cooperation in fighting similar transnational crimes.”
This scam goes to show that phishing doesn’t grow old, but gets better with time – scammers have access to more personal information than ever. As we publicly share our email addresses, where we work, the people we connect to and what online services we use, we are also more exposed than ever.