Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    How Mattel Lost $3M In CEO Fraud Phishing

    Mattel CEO Fraud Phishing ScamGreat story by Erika Kinetz at the Associated Press. How Mattel was the victim of CEO Fraud using phishing and social engineering to trick one of their executives in China to make a $3 Million wire transfer.

    She started the story with: "The email seemed unremarkable: a routine request by Mattel Inc.'s chief executive for a new vendor payment to China.

    "It was well-timed, arriving on Thursday, April 30, during a tumultuous period for the Los-Angeles based maker of Barbie dolls. Barbie was bombing, particularly overseas, and the CEO, Christopher Sinclair, had officially taken over only that month. Mattel had fired his predecessor.

    "The finance executive who got the note was naturally eager to please her new boss. She double-checked protocol. Fund transfers required approval from two high-ranking managers. She qualified and so did the CEO, according to a person familiar with the investigation who spoke on condition of anonymity because he was not authorized to speak about the matter. He declined to reveal the finance executive's name.

    Satisfied, the executive wired over $3 million to the Bank of Wenzhou, in China."
     
    A few hours she mentioned it to her new boss but he had not asked for the transfer. Mattel went into a panic and called their banks, the police and the FBI. The response? You're out of luck, the money's already in China. An insider who was close to the incident told me that the people who actually saved the day were the employees of the Chinese bank who saw over $3M come in from Mattel to an unrelated account and called the cops.
     
    Mattel did get all their money back. Excellent object lesson and something you should forward to your C-level execs to explain CEO Fraud is a clear and present phishing danger.
     
    This is an excellent example why you need to send simulated CEO Fraud phishing emails to your high-risk employees in HR and Accounting as a form of effective security awareness training. Learn how easy it is to train and phish your employees. Ask for a one-on-one demo.
     
    Request A Demo
     
     
     
     

     

     

     

    Return To KnowBe4 Security Blog

    Topics: CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews