Slashdot Mirror


Chinese Scammers Take Mattel To the Bank, Phishing Them For $3 Million (www.cbc.ca)

itwbennett quotes a report from The Associated Press: Mattel, the popular toy maker behind Barbie and Hot Wheels, was the victim of a phishing attack last year that nearly cost them $3 million. On April 30, 2015, a Mattel finance executive got a note from the new CEO, Christopher Sinclair, requesting a new vendor payment to China. Transfers required approval from two high-ranking managers; the finance exec qualified and so did the CEO. The transfer was made. The only thing preventing a total loss was the fact that the following day was a bank holiday. Details of the attack against Mattel come from a report by the Associated Press, investigating money laundering and other financial crime in Wenzhou, China.

  1. Dumb by 110010001000 · · Score: 3, Insightful

    A simple phone call to the CEO would have confirmed the request was legitimate. But I'll bet the execs all got a bonus anyway that year.

    1. Re:Dumb by OzPeter · · Score: 3, Insightful

      A simple phone call to the CEO would have confirmed the request was legitimate.

      And how do you think ANY boss would feel about being continually questioned "Did you really mean this?" by their underlings?

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:Dumb by The-Ixian · · Score: 4, Insightful

      To be fair, if this transaction quantity and type is something you deal with regularly, you can see how you might become lax in your procedures.

      No excuse, to be sure. But I have sympathy for them.

      --
      My eyes reflect the stars and a smile lights up my face.
    3. Re:Dumb by radarskiy · · Score: 2

      Why would you think to ask for approval from the CEO when the CEO just sent you approval?

    4. Re:Dumb by Anonymous Coward · · Score: 2, Informative

      Not OP nor anyone else in the thread here. I do a lot of daily work involving sums both up to and larger than this size. Before I can whip a check out the door, I have to go to a committee which has our country CFO and CEO or their designees present. Once approved there, I have to go to the global committee for the same (international company). Then I have to go to the people who actually control the company checking account, and they verify that I got approval from the first two groups. They basically check my story and give me authorization to spend money.

      Lastly, I need email approval on top of all this from a manager who has sufficient spend authority to ok the expenditure. But that last step is the only email in the chain, the rest are conference calls with the interested parties. It's their job to basically make sure I didn't give the finance folks a line of bull.

      It's an exceptional amount of checks and balances, with anything costing more than a Ford Focus requiring mass interrogation. No single or even dual email from any C-level person is sufficient to make money leave my company that easily.

    5. Re:Dumb by Holi · · Score: 4, Interesting

      Our finance department gets this often, for realistic sums, and we do a lot of business with China. We now have a policy that these transfers must be authorized in person.

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    6. Re:Dumb by 110010001000 · · Score: 3, Informative

      In our company the policy is you need to contact the CEO verbally in order to do these transactions. No one authorizes multimillion transactions via email, because of these phishing attacks. So there is your insight.

  2. . . . and can we assume. . . by Salgak1 · · Score: 2

    . . . .that the "finance executive" is no longer employed by Mattel ?? I note that in all the reports, this executive is carefully not named. . .

    1. Re:. . . and can we assume. . . by Thanshin · · Score: 5, Funny

      . . . .that the "finance executive" is no longer employed by Mattel ?? I note that in all the reports, this executive is carefully not named. . .

      In Mattel they don't kid around with failure. Not only are you "disappeared", they even continue the proud tradition of Damnatio memoriae, by which they delete every single mention of your name. Just as Horemheb tried to do with Akhenaten.

      The pyramids were made by successively piling lego shaped rocks. Lego, the direct competence of Mattel! Coincidence? I think not.

  3. Re:Interesting that this isn't reversible by Rande · · Score: 5, Informative

    It would be reversible...if the money stayed in the destination account.
    However, what they do is then split the money into many, many accounts, and keep moving it, travelling the world until it's laundered enough to recover.
    As each account would require a court order to disclose what happened to the money in it, and different countries have different requirements to disclose and different languages, by the time they've chased down the money, it's already moved on - so they just don't bother.

  4. No they didn't by DNS-and-BIND · · Score: 3, Informative

    It's right there in the article.

    May 1 was a banking holiday in China. The following Monday they were able to get assistance from local law enforcement and banking officials to freeze the account that held the stolen funds. Two days later, the money was recovered.

    It's like Slashdot hasn't changed at all since the new Backslash guy or whatever his nick was took over. We're still getting all the duplicate stories and just plain wrong news. Sigh.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    1. Re:No they didn't by The-Ixian · · Score: 4, Insightful

      Perhaps you should meta moderate more?

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:No they didn't by Zontar_Thing_From_Ve · · Score: 3

      It's right there in the article.

      May 1 was a banking holiday in China. The following Monday they were able to get assistance from local law enforcement and banking officials to freeze the account that held the stolen funds. Two days later, the money was recovered.

      Translation - Mattel was able to find the right banking and local law enforcement officials to bribe in China to get help on this and they were able to recover 90% of the money by only paying 10% out in bribes.

      Not joking here. That's probably what really happened. Or the bad guys failed to bribe the right people in China to look the other way and the authorities decided to punish them by sending the money back.

  5. Re:Interesting that this isn't reversible by DNS-and-BIND · · Score: 4, Informative

    Yeah, but China isn't just any country. This isn't Romania. There are tons of controls on international transactions. Otherwise there would be a giant sucking sound for a month or two and China would be empty of funds. Nobody trusts Chinese banks, especially Chinese banks. This is why property is always super-hot in China and prices everyone out of the market - there's really nowhere else to invest money.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  6. Re:Interesting that this isn't reversible by geeper · · Score: 3, Informative

    Here is a podcast that is a great example of how to do this and explains how easy it is.

    http://www.npr.org/sections/mo...

    --
    Error reading device 'Signature'. (A)bort, (R)etry, (F)ail?
  7. It is and it was by Sycraft-fu · · Score: 3, Insightful

    If you read the article that is precisely what happened. The Chinese bank froze the funds, and then reversed the transaction.

    There are cases where someone can get screwed out of this happening, but when action is taken quickly it usually can be reversed since everything is tracked.

  8. Re:offtopic semantic nazism by MyLongNickName · · Score: 4, Informative

    From the Article

    "Two days later, the money was recovered."

    So the semantics from the summary were correct and it is the title that is somewhat inaccurate or at least misleading.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  9. Re:Interesting that this isn't reversible by MyLongNickName · · Score: 2

    It was reversible and they did reverse it.

    From the Article

    "Two days later, the money was recovered."

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  10. Re:Three waves by __aaclcg7560 · · Score: 4, Funny

    The first wave of people to immigrate are the people seeking education.

    The Puritans came to America not to escape from religious persecution in Europe but to learn how to grow corn from the Native Americans?

  11. China by sjbe · · Score: 3, Interesting

    China isn't just any country. This isn't Romania. There are tons of controls on international transactions. Otherwise there would be a giant sucking sound for a month or two and China would be empty of funds.

    No it wouldn't. China has huge currency reserves to combat currency speculation. While it's not impossible, it would be pretty difficult to drain China of cash.

    This is why property is always super-hot in China and prices everyone out of the market - there's really nowhere else to invest money.

    That's simply not true at all. Property is hot in China because they have 20% of the world's population and their economy is growing like crazy. There are other factors in play (including the banks) but the main driver is simply demand from an increasingly prosperous populace which couldn't own land until fairly recently.