How Mattel Lost $3M In CEO Fraud Phishing



Mattel CEO Fraud Phishing ScamGreat story by Erika Kinetz at the Associated Press. How Mattel was the victim of CEO Fraud using phishing and social engineering to trick one of their executives in China to make a $3 Million wire transfer.

She started the story with: "The email seemed unremarkable: a routine request by Mattel Inc.'s chief executive for a new vendor payment to China.

"It was well-timed, arriving on Thursday, April 30, during a tumultuous period for the Los-Angeles based maker of Barbie dolls. Barbie was bombing, particularly overseas, and the CEO, Christopher Sinclair, had officially taken over only that month. Mattel had fired his predecessor.

"The finance executive who got the note was naturally eager to please her new boss. She double-checked protocol. Fund transfers required approval from two high-ranking managers. She qualified and so did the CEO, according to a person familiar with the investigation who spoke on condition of anonymity because he was not authorized to speak about the matter. He declined to reveal the finance executive's name.

Satisfied, the executive wired over $3 million to the Bank of Wenzhou, in China."
 
A few hours she mentioned it to her new boss but he had not asked for the transfer. Mattel went into a panic and called their banks, the police and the FBI. The response? You're out of luck, the money's already in China. An insider who was close to the incident told me that the people who actually saved the day were the employees of the Chinese bank who saw over $3M come in from Mattel to an unrelated account and called the cops.
 
Mattel did get all their money back. Excellent object lesson and something you should forward to your C-level execs to explain CEO Fraud is a clear and present phishing danger.

 
This is an excellent example why you need to send simulated CEO Fraud phishing emails to your high-risk employees in HR and Accounting as a form of effective security awareness training. Learn how easy it is to train and phish your employees. Ask for a one-on-one demo.
 
Request A Demo
 
 
 
 

 

 

Topics: CEO Fraud

Subscribe To Our Blog


Recent Posts




Get the latest about social engineering

Subscribe to CyberheistNews