Chinese Scammers Take Mattel To the Bank, Phishing Them For $3 Million (www.cbc.ca)

← Back to Stories (view on slashdot.org)

Chinese Scammers Take Mattel To the Bank, Phishing Them For $3 Million (www.cbc.ca)

Posted by BeauHD on Thursday March 31, 2016 @01:01AM from the sign-of-the-times dept.

itwbennett quotes a report from The Associated Press: Mattel, the popular toy maker behind Barbie and Hot Wheels, was the victim of a phishing attack last year that nearly cost them $3 million. On April 30, 2015, a Mattel finance executive got a note from the new CEO, Christopher Sinclair, requesting a new vendor payment to China. Transfers required approval from two high-ranking managers; the finance exec qualified and so did the CEO. The transfer was made. The only thing preventing a total loss was the fact that the following day was a bank holiday. Details of the attack against Mattel come from a report by the Associated Press, investigating money laundering and other financial crime in Wenzhou, China.

63 comments

Min score:

Reason:

Sort:

Interesting that this isn't reversible by ErichTheRed · 2016-03-31 01:10 · Score: 1

When your mindset is based around US-style ACH bank payment, it's confusing that this isn't a reversible thing. I've had the experience of being overpaid several times, and the company just reverses the transfer. I guess wire transfers are just like handing a bag of cash over to the recipient?
This is an interesting story - I guarantee there are people in the company I work for who would happily fall for something like this and be in a position to approve a transaction of that size.
1. Re:Interesting that this isn't reversible by Rande · 2016-03-31 01:15 · Score: 5, Informative
  
  It would be reversible...if the money stayed in the destination account.
  However, what they do is then split the money into many, many accounts, and keep moving it, travelling the world until it's laundered enough to recover.
  As each account would require a court order to disclose what happened to the money in it, and different countries have different requirements to disclose and different languages, by the time they've chased down the money, it's already moved on - so they just don't bother.
2. Re:Interesting that this isn't reversible by DNS-and-BIND · 2016-03-31 01:22 · Score: 4, Informative
  
  Yeah, but China isn't just any country. This isn't Romania. There are tons of controls on international transactions. Otherwise there would be a giant sucking sound for a month or two and China would be empty of funds. Nobody trusts Chinese banks, especially Chinese banks. This is why property is always super-hot in China and prices everyone out of the market - there's really nowhere else to invest money.
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
3. Re:Interesting that this isn't reversible by geeper · 2016-03-31 01:28 · Score: 3, Informative
  
  Here is a podcast that is a great example of how to do this and explains how easy it is.
  
  http://www.npr.org/sections/mo...
  
  --
  Error reading device 'Signature'. (A)bort, (R)etry, (F)ail?
4. Re:Interesting that this isn't reversible by Anonymous Coward · 2016-03-31 01:31 · Score: 1
  
  afaiu it moving money out of China is so tightly controlled that Chinese companies have resorted to suing themselves via US subsidiaries to get money out that way
5. Re:Interesting that this isn't reversible by MyLongNickName · 2016-03-31 01:35 · Score: 2
  
  It was reversible and they did reverse it.
  From the Article
  "Two days later, the money was recovered."
  
  --
  See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
6. Re:Interesting that this isn't reversible by Anonymous Coward · 2016-03-31 01:39 · Score: 1
  
  Um. No. The reason why property became super hot is, (1) depositors get too low interest rates. Happened right around the Asian Financial Crisis, and continues until now. (2) There's not many other investment vehicles to invest in. The stock market is very immature right now. (3) Government encouraged the property bubble, because local government was/is funding a lot of debt through property sales.
7. Re:Interesting that this isn't reversible by spacepimp · 2016-03-31 02:17 · Score: 1
  
  These email/phishing attacks are quite common. The company I work for has come close to falling for this. Luckily they contacted me prior to investigate. We receive variant attacks like this about 6 times a year.
8. Re:Interesting that this isn't reversible by Hognoxious · 2016-03-31 03:42 · Score: 1
  
  It would be reversible...if the money stayed in the destination account.
  
  That rather depends on the jurisdiction where the bank's located. In England & Wales it's certainly not the case that you can automatically issue an "undo".
  http://www.theguardian.com/mon...
  In China, Vanuatu or some mailbox on a rock in the Caribbean ... anybody's guess. Probably depends how friendly the account holder is with the local officials.
  
  --
  Confucius say, "Find worm in apple - bad. Find half a worm - worse."
9. Re: Interesting that this isn't reversible by Anonymous Coward · 2016-04-01 09:47 · Score: 0
  
  And you work where, exactly?
10. Re:Interesting that this isn't reversible by kmoser · 2016-04-01 13:36 · Score: 1
  
  It would be reversible...if the money stayed in the destination account.
  That rather depends on the jurisdiction where the bank's located. In England & Wales it's certainly not the case that you can automatically issue an "undo".
  If the money was held in Zurich, all you'd need to do is issue a Ctrl+Z.
Dumb by 110010001000 · 2016-03-31 01:11 · Score: 3, Insightful

A simple phone call to the CEO would have confirmed the request was legitimate. But I'll bet the execs all got a bonus anyway that year.
1. Re:Dumb by OzPeter · 2016-03-31 01:18 · Score: 3, Insightful
  
  A simple phone call to the CEO would have confirmed the request was legitimate.
  
  And how do you think ANY boss would feel about being continually questioned "Did you really mean this?" by their underlings?
  
  --
  I am Slashdot. Are you Slashdot as well?
2. Re:Dumb by The-Ixian · 2016-03-31 01:24 · Score: 4, Insightful
  
  To be fair, if this transaction quantity and type is something you deal with regularly, you can see how you might become lax in your procedures.
  No excuse, to be sure. But I have sympathy for them.
  
  --
  My eyes reflect the stars and a smile lights up my face.
3. Re:Dumb by 110010001000 · 2016-03-31 01:58 · Score: 1
  
  Really? How would the boss feel if you lost $3 million on the basis of an EMAIL when a 20 second phone call would have prevented it??? Christ, how stupid are YOU?
4. Re:Dumb by radarskiy · 2016-03-31 02:22 · Score: 2
  
  Why would you think to ask for approval from the CEO when the CEO just sent you approval?
5. Re:Dumb by aaarrrgggh · 2016-03-31 02:23 · Score: 1
  
  No, (digitally) signed authorizations should be provided.
6. Re:Dumb by 110010001000 · 2016-03-31 02:29 · Score: 1
  
  An email is not "approval". Christ. Everyone with a brain knows that emails can be faked. Do you really think those email messages from "Facebook, Inc" are from Facebook?
7. Re:Dumb by Anonymous Coward · 2016-03-31 02:38 · Score: 0
  
  Tell us your experience with 3 million dollar transactions as a matter of daily work. Come on, troll, I'm waiting for your real insight into this.
8. Re:Dumb by Anonymous Coward · 2016-03-31 03:09 · Score: 2, Informative
  
  Not OP nor anyone else in the thread here. I do a lot of daily work involving sums both up to and larger than this size. Before I can whip a check out the door, I have to go to a committee which has our country CFO and CEO or their designees present. Once approved there, I have to go to the global committee for the same (international company). Then I have to go to the people who actually control the company checking account, and they verify that I got approval from the first two groups. They basically check my story and give me authorization to spend money.
  Lastly, I need email approval on top of all this from a manager who has sufficient spend authority to ok the expenditure. But that last step is the only email in the chain, the rest are conference calls with the interested parties. It's their job to basically make sure I didn't give the finance folks a line of bull.
  It's an exceptional amount of checks and balances, with anything costing more than a Ford Focus requiring mass interrogation. No single or even dual email from any C-level person is sufficient to make money leave my company that easily.
9. Re:Dumb by Holi · 2016-03-31 03:09 · Score: 1
  
  Probably better then having to constantly explain to his shareholders why he authorized a large transfers to random individuals.
  
  --
  Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
10. Re:Dumb by Holi · 2016-03-31 03:11 · Score: 4, Interesting
  
  Our finance department gets this often, for realistic sums, and we do a lot of business with China. We now have a policy that these transfers must be authorized in person.
  
  --
  Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
11. Re:Dumb by pr0fessor · 2016-03-31 03:36 · Score: 1
  
  I don't deal with anywhere near that much money or make bank transfers but I always talk to the person directly before I approve squat. I know there are a few people annoyed by it and have even complained but I don't care, it would surely have stopped something like this. I procure a lot of hardware and have small department heads that get blind approvals and then try to sandbag the purchases with upgrades and extra peripherals they tend to get pissed when I take those quotes back to confirm approval only for them to be shot down.
12. Re:Dumb by 110010001000 · 2016-03-31 04:25 · Score: 3, Informative
  
  In our company the policy is you need to contact the CEO verbally in order to do these transactions. No one authorizes multimillion transactions via email, because of these phishing attacks. So there is your insight.
13. Re:Dumb by radarskiy · 2016-03-31 06:15 · Score: 1
  
  If you could determine that the email was faked then you wouldn't need to contact the CEO... because you already know it's fake.
14. Re:Dumb by Anonymous Coward · 2016-03-31 12:26 · Score: 0
  
  A simple phone call to the CEO would have confirmed the request was legitimate. But I'll bet the execs all got a bonus anyway that year.
  It was the CEO who made the request.
. . . and can we assume. . . by Salgak1 · 2016-03-31 01:14 · Score: 2

. . . .that the "finance executive" is no longer employed by Mattel ?? I note that in all the reports, this executive is carefully not named. . .
1. Re:. . . and can we assume. . . by Thanshin · 2016-03-31 01:28 · Score: 5, Funny
  
  . . . .that the "finance executive" is no longer employed by Mattel ?? I note that in all the reports, this executive is carefully not named. . .
  In Mattel they don't kid around with failure. Not only you're "disappeared", they even continue de proud tradition of Damnatio memoriae, by which they delete every single mention to your name. Just as Horemheb tried to do with Akhenaten.
  The pyramids were made by successively piling lego shaped rocks. Lego, the direct competence of Mattel! Coincidence? I think not.
2. Re:. . . and can we assume. . . by The-Ixian · 2016-03-31 01:28 · Score: 1
  
  Everybody makes mistakes. I can pretty much guarantee you that the exec in question won't easily fall for this again. If new procedures can come out of this that prevent these mistakes from happening again, then the 3 mil becomes an investment rather than a loss.
  
  --
  My eyes reflect the stars and a smile lights up my face.
3. Re:. . . and can we assume. . . by Anonymous Coward · 2016-03-31 02:15 · Score: 0
  
  Everybody makes mistakes.
  Sending $3 Million to a bank in China, based on nothing more than an e-mail, is not a "mistake". It is blatant incompetence. And speaking of e-mail, how does an e-mail from the CEO originate from outside the company? Somebody in the IT department needs to be fired for not properly filtering incoming e-mail.
4. Re:. . . and can we assume. . . by phuonglinh9 · 2016-03-31 02:43 · Score: 1
  
  http://taiphimhai.com/ - xem phim hài online, video funny
No they didn't by DNS-and-BIND · 2016-03-31 01:18 · Score: 3, Informative

It's right there in the article.

May 1 was a banking holiday in China. The following Monday they were able to get assistance from local law enforcement and banking officials to freeze the account that held the stolen funds. Two days later, the money was recovered.

It's like Slashdot hasn't changed at all since the new Backslash guy or whatever his nick was took over. We're still getting all the duplicate stories and just plain wrong news. Sigh.

--
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
1. Re:No they didn't by The-Ixian · 2016-03-31 02:01 · Score: 4, Insightful
  
  Perhaps you should meta moderate more?
  
  --
  My eyes reflect the stars and a smile lights up my face.
2. Re:No they didn't by Anonymous Coward · 2016-03-31 02:10 · Score: 1
  
  What exactly are you complaining about? The Slashdot title uses the word "phishing" which means "an attempt to acquire", which is exactly what it was: an attempt. Then the summary says things like "nearly cost them $3 million" and "The only thing preventing a total loss".
  May I suggest learning reading comprehension before complaining about writing errors.
3. Re:No they didn't by Beerdood · 2016-03-31 03:14 · Score: 1
  
  The phrase "take it to the bank" - this is meant to emphasize something that is certain, or known for sure. But then this is followed by the phrase "phishing them for 3 million" right afterwards. So by using jargon that emphasizes certainty followed by a relatively new English language word (phishing) which technically means attempt (but maybe most readers directly associate this with scammed) - this heavily implies that Mattel was indeed fleeced, robbed, scammed, looted, pillaged, phished or whatever word you want to use.
  
  And technically, they were phished/scammed. The voluntarily handed over the money - they just happened to catch on quickly enough and the money was returned to them. The money was in the other account by then. If someone comes to your door claiming to be a PC repair guy and you voluntarily give them your computer and they leave; guess what - you were scammed. It doesn't matter that you managed to catch on 2 minutes later and chase their vehicle down, or 2 days later to find your PC in the pawn shop - you were scammed. The confusing issue here is that nothing in the title implies that the money was returned, and simply gives the first half of the story (Mattel phished) without indicating the money was returned successfully. But that's hardly the fault of the slashdot editor here, this title is taken verbatim from the CSO article. I hardly think it's the slashdot moderator's job to edit the summary for the titles for potential confusion.
  
  --
  Global warming and other natural disasters are a direct effect of the shrinking number of pirates - Gospel of the FSM
4. Re:No they didn't by phorm · 2016-03-31 03:48 · Score: 1
  
  It's *somewhat* accurate. Essentially the phishing was successful, and it did go to the bank, but they were saved by a holiday which allowed them to later reverse the transaction.
5. Re:No they didn't by Zontar_Thing_From_Ve · 2016-03-31 05:58 · Score: 3
  
  It's right there in the article.
  
  May 1 was a banking holiday in China. The following Monday they were able to get assistance from local law enforcement and banking officials to freeze the account that held the stolen funds. Two days later, the money was recovered.
  Translation - Mattel was able to find the right banking and local law enforcement officials to bribe in China to get help on this and they were able to recover 90% of the money by only paying 10% out in bribes.
  
  Not joking here. That's probably what really happened. Or the bad guys failed to bribe the right people in China to look the other way and the authorities decided to punish them be sending the money back.
6. Re:No they didn't by antdude · 2016-03-31 13:17 · Score: 1
  
  I don't even get meta moderation anymore. IIRC, Rob Malda said I visit /. too much. :/
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
offtopic semantic nazism by osee · 2016-03-31 01:24 · Score: 1, Informative

nearly cost them $3 million
cost them nearly $3 million
So do these two mean the same thing?
I feel like in the second case they lost the money, in the first they came close but did not.
1. Re:offtopic semantic nazism by MyLongNickName · 2016-03-31 01:35 · Score: 4, Informative
  
  From the Article
  "Two days later, the money was recovered."
  So the semantics from the summary were correct and it is the title is somewhat inaccurate or at least misleading.
  
  --
  See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
It is and it was by Sycraft-fu · 2016-03-31 01:32 · Score: 3, Insightful

If you read the article that is precisely what happened. The Chinese bank froze the funds, and then reversed the transaction.
There are cases where someone can get screwed out of this happening, but when action is taken quickly it usually can be reversed since everything is tracked.
Re:Three waves by __aaclcg7560 · 2016-03-31 01:37 · Score: 4, Funny

The first wave of people to immigrate are the people seeking education.
The Puritans came to America not to escape from religious persecution in Europe but to learn how to grow corn from the Native Americans?
Re:Three waves by Anonymous Coward · 2016-03-31 01:45 · Score: 0

Nah, they went cos they weren't allowed to religiously persecute others.
Wire transfers and counterparty risk by sjbe · 2016-03-31 01:53 · Score: 1

I guess wire transfers are just like handing a bag of cash over to the recipient?
It's a bit more nuanced that that but it's not far from the truth. If you send a wire transfer you may as well be handing the other party that amount of cash. It's not without utility but it definitely carries significant counterparty risk.
Re:Three waves by Anonymous Coward · 2016-03-31 01:59 · Score: 0

Nobody expects the Spanish Inquisition!
And it wasn't until the Crusades where things got ugly, right? It's not like we were trying to tame/convert the savages who ruled the land before us, right?
China by sjbe · 2016-03-31 02:01 · Score: 3, Interesting

China isn't just any country. This isn't Romania. There are tons of controls on international transactions. Otherwise there would be a giant sucking sound for a month or two and China would be empty of funds.
No it wouldn't. China has huge currency reserves to combat currency speculation. While it's not impossible, it would be pretty difficult to drain China of cash.

This is why property is always super-hot in China and prices everyone out of the market - there's really nowhere else to invest money.
That's simply not true at all. Property is hot in China because they have 20% of the world's population and their economy is growing like crazy. There are other factors in play (including the banks) but the main driver is simply demand from an increasingly prosperous populace which couldn't own land until fairly recently.
1. Re: China by Anonymous Coward · 2016-04-01 00:47 · Score: 0
  
  They have built entire city's in China that sit empty because the Chinese can't afford them. China is a housing bubble waiting to pop.
Re:Three waves by phuonglinh9 · 2016-03-31 02:46 · Score: 1

Xem phim sex online trên in thoi, mi ngi like cho url này giúp tôi nhé
Re:Three waves by Type44Q · 2016-03-31 02:54 · Score: 1

And torment the Quakers.
Re:Three waves by Anonymous Coward · 2016-03-31 02:59 · Score: 0

The first wave of people to immigrate are the people seeking education.
The Puritans came to America not to escape from religious persecution in Europe but to learn how to grow corn from the Native Americans?
Keep in mind that those who came to free themselves from "religious persecution" mostly did so because their religious practices were illegal in other countries. If you put that bit of knowledge together with some of the text of "The Scarlet Letter" and the famous "Salem Witch trials", it becomes clear some seeking "religious freedom" were seeking freedom to persecute and dominate the lives of others in ways that other countries found repulsive.
We still carry on this idea that a religion should be forced upon others. It starts with missionaries, calls to employ politicians based on their church orientation, and ends with legalizing a church's morality.
I personally think it is shameful that we make such a big to-do about the middle east's mixing of religion and politics when we are doing so little to keep the separated. Our founding fathers had more concern for separating church and state than we do. It is embarrassing that we put down countries that have managed to entwine the two to a greater degree than we have, while we are working our hardest to be them.
No surprises here by RogueWarrior65 · 2016-03-31 03:04 · Score: 1

Having worked there in the early 90s, I can tell you that the place runs more like Fairchild Semiconductor than Apple. RHIP and the left hand doesn't know what the right hand is doing.
Re: Three waves by Anonymous Coward · 2016-03-31 03:16 · Score: 0

Im sure the Taliban feel like fleeing their religious "persecution" too.
Face it, the US was settled by religious fanatic lunatics, which explains why America is so bat shit crazy even to this day.
Re:Three waves by Anonymous Coward · 2016-03-31 03:30 · Score: 0

Keep in mind that those who came to free themselves from "religious persecution" mostly did so because their religious practices were illegal in other countries.
Duh. That's sort of the definition of "religious persecution".

If you put that bit of knowledge together with some of the text of "The Scarlet Letter" and the famous "Salem Witch trials", it becomes clear some seeking "religious freedom" were seeking freedom to persecute and dominate the lives of others in ways that other countries found repulsive.
This is utter nonsense. The Puritans weren't being persecuted in England and the Netherlands for "persecuting and dominating the lives of others."

I personally think it is shameful that we make such a big to-do about the middle east's mixing of religion and politics when we are doing so little to keep the separated. Our founding fathers had more concern for separating church and state than we do.
"Separation of church and state" is about the separation of two organizations. The founding fathers didn't believe in keeping religiously-derived moral principles out of the law. For examples of what they opposed, look to Europe, where so many nations still have established or state churches.
zoom enhance by Hognoxious · 2016-03-31 03:51 · Score: 1

I assumed that the hero had managed to dramatically yank out the plug before the progress bar got to the end.

--
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Re:Three waves by ausekilis · 2016-03-31 04:22 · Score: 1

They called it "maize", but we corrected them with our boomsticks.
Re:Three waves by PRMan · 2016-03-31 06:21 · Score: 1

And in Australia, the criminals were first...

--
Peter predicted that you would "deliberately forget" creation 2000 years ago...