The Stack Archive

Mattel clawed back $3m from Chinese scammers

Wed 30 Mar 2016

Mattel Hot Wheels

Mattel, the U.S. toy company behind Barbie and Hot Wheels cars, handed over $3 million (approx. £2.1 million) to Chinese cyberthieves in a personalised email phishing scam in 2015.

Undergoing a corporate reshuffle in April last year following the dismissal of CEO Bryan Stockton and the appointment of Christopher Sinclair in his place, Mattel was targeted by cybercriminals looking to take advantage of the instability. An email was sent to an unnamed financial executive, supposedly from Sinclair, requesting a new vendor payment to a Chinese account.

Aware of a Mattel policy that requires top level managers to approve such transfers, the thieves picked out the individual knowing that she was qualified to process the payment.

On receiving the email from her ‘new boss’, the executive immediately complied with the demand, transferring $3 million to the Bank of Wenzhou.

Later, after casually mentioning to Sinclair that she had made the payment, the fake vendor request was discovered and Mattel made urgent contact with its U.S. bank, the police and the FBI.

While the money had already been wired to China, luckily a Labour Day bank holiday allowed Chinese authorities to launch a criminal investigation in time to notify the Bank of Wenzhou which froze the funds. The money was returned to the toy firm two days later.

The incident came at a particularly difficult time for Mattel as it struggles to reposition its operations in China. In 2007, the company was forced to recall 19 million ‘Made in China’ toys, including Pixar cars coated in lead paint and Barbie dolls containing hazardous magnets. A recent effort saw the business place itself as a child development brand in the country, fighting rising costs and staff shortages to grow its China sales by 43% in 2015.

The FBI suggests that fake CEO or fake president email scams have cost thousands of global companies, many of them U.S.-based, over $1.8 billion in just over two years. It notes that the majority of these stolen funds pass through banks in China and Hong Kong.


Asia China cybercrime security
Send us a correction about this article Send us a news tip