Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
China Toys Communications Crime Network Networking Privacy Security The Almighty Buck The Internet United States Wireless Networking News Technology

Chinese Scammers Take Mattel To the Bank, Phishing Them For $3 Million (www.cbc.ca) 63

itwbennett quotes a report from The Associated Press: Mattel, the popular toy maker behind Barbie and Hot Wheels, was the victim of a phishing attack last year that nearly cost them $3 million. On April 30, 2015, a Mattel finance executive got a note from the new CEO, Christopher Sinclair, requesting a new vendor payment to China. Transfers required approval from two high-ranking managers; the finance exec qualified and so did the CEO. The transfer was made. The only thing preventing a total loss was the fact that the following day was a bank holiday. Details of the attack against Mattel come from a report by the Associated Press, investigating money laundering and other financial crime in Wenzhou, China.
This discussion has been archived. No new comments can be posted.

Chinese Scammers Take Mattel To the Bank, Phishing Them For $3 Million

Comments Filter:
  • When your mindset is based around US-style ACH bank payment, it's confusing that this isn't a reversible thing. I've had the experience of being overpaid several times, and the company just reverses the transfer. I guess wire transfers are just like handing a bag of cash over to the recipient?

    This is an interesting story - I guarantee there are people in the company I work for who would happily fall for something like this and be in a position to approve a transaction of that size.

    • by Rande ( 255599 ) on Thursday March 31, 2016 @08:15AM (#51813763) Homepage

      It would be reversible...if the money stayed in the destination account.
      However, what they do is then split the money into many, many accounts, and keep moving it, travelling the world until it's laundered enough to recover.
      As each account would require a court order to disclose what happened to the money in it, and different countries have different requirements to disclose and different languages, by the time they've chased down the money, it's already moved on - so they just don't bother.

      • by DNS-and-BIND ( 461968 ) on Thursday March 31, 2016 @08:22AM (#51813795) Homepage
        Yeah, but China isn't just any country. This isn't Romania. There are tons of controls on international transactions. Otherwise there would be a giant sucking sound for a month or two and China would be empty of funds. Nobody trusts Chinese banks, especially Chinese banks. This is why property is always super-hot in China and prices everyone out of the market - there's really nowhere else to invest money.
        • by Anonymous Coward

          afaiu it moving money out of China is so tightly controlled that Chinese companies have resorted to suing themselves via US subsidiaries to get money out that way

        • by Anonymous Coward

          Um. No. The reason why property became super hot is, (1) depositors get too low interest rates. Happened right around the Asian Financial Crisis, and continues until now. (2) There's not many other investment vehicles to invest in. The stock market is very immature right now. (3) Government encouraged the property bubble, because local government was/is funding a lot of debt through property sales.

        • China (Score:4, Interesting)

          by sjbe ( 173966 ) on Thursday March 31, 2016 @09:01AM (#51814027)

          China isn't just any country. This isn't Romania. There are tons of controls on international transactions. Otherwise there would be a giant sucking sound for a month or two and China would be empty of funds.

          No it wouldn't. China has huge currency reserves to combat currency speculation. While it's not impossible, it would be pretty difficult to drain China of cash.

          This is why property is always super-hot in China and prices everyone out of the market - there's really nowhere else to invest money.

          That's simply not true at all. Property is hot in China because they have 20% of the world's population and their economy is growing like crazy. There are other factors in play (including the banks) but the main driver is simply demand from an increasingly prosperous populace which couldn't own land until fairly recently.

      • by geeper ( 883542 ) on Thursday March 31, 2016 @08:28AM (#51813835)
        Here is a podcast that is a great example of how to do this and explains how easy it is.

        http://www.npr.org/sections/mo... [npr.org]
      • It was reversible and they did reverse it.

        From the Article

        "Two days later, the money was recovered."

      • It would be reversible...if the money stayed in the destination account.

        That rather depends on the jurisdiction where the bank's located. In England & Wales it's certainly not the case that you can automatically issue an "undo".

        http://www.theguardian.com/mon... [theguardian.com]

        In China, Vanuatu or some mailbox on a rock in the Caribbean ... anybody's guess. Probably depends how friendly the account holder is with the local officials.

        • by kmoser ( 1469707 )

          It would be reversible...if the money stayed in the destination account.

          That rather depends on the jurisdiction where the bank's located. In England & Wales it's certainly not the case that you can automatically issue an "undo".

          If the money was held in Zurich, all you'd need to do is issue a Ctrl+Z.

    • It is and it was (Score:4, Insightful)

      by Sycraft-fu ( 314770 ) on Thursday March 31, 2016 @08:32AM (#51813861)

      If you read the article that is precisely what happened. The Chinese bank froze the funds, and then reversed the transaction.

      There are cases where someone can get screwed out of this happening, but when action is taken quickly it usually can be reversed since everything is tracked.

    • I guess wire transfers are just like handing a bag of cash over to the recipient?

      It's a bit more nuanced that that but it's not far from the truth. If you send a wire transfer you may as well be handing the other party that amount of cash. It's not without utility but it definitely carries significant counterparty risk.

    • These email/phishing attacks are quite common. The company I work for has come close to falling for this. Luckily they contacted me prior to investigate. We receive variant attacks like this about 6 times a year.

  • Dumb (Score:4, Insightful)

    by 110010001000 ( 697113 ) on Thursday March 31, 2016 @08:11AM (#51813739) Homepage Journal
    A simple phone call to the CEO would have confirmed the request was legitimate. But I'll bet the execs all got a bonus anyway that year.
    • Re:Dumb (Score:4, Insightful)

      by OzPeter ( 195038 ) on Thursday March 31, 2016 @08:18AM (#51813773)

      A simple phone call to the CEO would have confirmed the request was legitimate.

      And how do you think ANY boss would feel about being continually questioned "Did you really mean this?" by their underlings?

      • Really? How would the boss feel if you lost $3 million on the basis of an EMAIL when a 20 second phone call would have prevented it??? Christ, how stupid are YOU?
      • by Holi ( 250190 )
        Probably better then having to constantly explain to his shareholders why he authorized a large transfers to random individuals.
    • Re:Dumb (Score:5, Insightful)

      by The-Ixian ( 168184 ) on Thursday March 31, 2016 @08:24AM (#51813811)

      To be fair, if this transaction quantity and type is something you deal with regularly, you can see how you might become lax in your procedures.

      No excuse, to be sure. But I have sympathy for them.

    • Why would you think to ask for approval from the CEO when the CEO just sent you approval?

      • An email is not "approval". Christ. Everyone with a brain knows that emails can be faked. Do you really think those email messages from "Facebook, Inc" are from Facebook?
        • I don't deal with anywhere near that much money or make bank transfers but I always talk to the person directly before I approve squat. I know there are a few people annoyed by it and have even complained but I don't care, it would surely have stopped something like this. I procure a lot of hardware and have small department heads that get blind approvals and then try to sandbag the purchases with upgrades and extra peripherals they tend to get pissed when I take those quotes back to confirm approval only f

        • If you could determine that the email was faked then you wouldn't need to contact the CEO... because you already know it's fake.

    • No, (digitally) signed authorizations should be provided.

  • . . . .that the "finance executive" is no longer employed by Mattel ?? I note that in all the reports, this executive is carefully not named. . .

    • by Thanshin ( 1188877 ) on Thursday March 31, 2016 @08:28AM (#51813839)

      . . . .that the "finance executive" is no longer employed by Mattel ?? I note that in all the reports, this executive is carefully not named. . .

      In Mattel they don't kid around with failure. Not only you're "disappeared", they even continue de proud tradition of Damnatio memoriae, by which they delete every single mention to your name. Just as Horemheb tried to do with Akhenaten.

      The pyramids were made by successively piling lego shaped rocks. Lego, the direct competence of Mattel! Coincidence? I think not.

    • Everybody makes mistakes. I can pretty much guarantee you that the exec in question won't easily fall for this again. If new procedures can come out of this that prevent these mistakes from happening again, then the 3 mil becomes an investment rather than a loss.

  • No they didn't (Score:4, Informative)

    by DNS-and-BIND ( 461968 ) on Thursday March 31, 2016 @08:18AM (#51813777) Homepage
    It's right there in the article.

    May 1 was a banking holiday in China. The following Monday they were able to get assistance from local law enforcement and banking officials to freeze the account that held the stolen funds. Two days later, the money was recovered.

    It's like Slashdot hasn't changed at all since the new Backslash guy or whatever his nick was took over. We're still getting all the duplicate stories and just plain wrong news. Sigh.

    • Re:No they didn't (Score:5, Insightful)

      by The-Ixian ( 168184 ) on Thursday March 31, 2016 @09:01AM (#51814023)

      Perhaps you should meta moderate more?

      • by antdude ( 79039 )

        I don't even get meta moderation anymore. IIRC, Rob Malda said I visit /. too much. :/

    • by Anonymous Coward

      What exactly are you complaining about? The Slashdot title uses the word "phishing" which means "an attempt to acquire", which is exactly what it was: an attempt. Then the summary says things like "nearly cost them $3 million" and "The only thing preventing a total loss".

      May I suggest learning reading comprehension before complaining about writing errors.

    • The phrase "take it to the bank" - this is meant to emphasize something that is certain, or known for sure. But then this is followed by the phrase "phishing them for 3 million" right afterwards. So by using jargon that emphasizes certainty followed by a relatively new English language word (phishing) which technically means attempt (but maybe most readers directly associate this with scammed) - this heavily implies that Mattel was indeed fleeced, robbed, scammed, looted, pillaged, phished or whatever wor
    • by phorm ( 591458 )

      It's *somewhat* accurate. Essentially the phishing was successful, and it did go to the bank, but they were saved by a holiday which allowed them to later reverse the transaction.

    • by Zontar_Thing_From_Ve ( 949321 ) on Thursday March 31, 2016 @12:58PM (#51816285)

      It's right there in the article.

      May 1 was a banking holiday in China. The following Monday they were able to get assistance from local law enforcement and banking officials to freeze the account that held the stolen funds. Two days later, the money was recovered.

      Translation - Mattel was able to find the right banking and local law enforcement officials to bribe in China to get help on this and they were able to recover 90% of the money by only paying 10% out in bribes.

      Not joking here. That's probably what really happened. Or the bad guys failed to bribe the right people in China to look the other way and the authorities decided to punish them be sending the money back.

  • by osee ( 944334 )

    nearly cost them $3 million
    cost them nearly $3 million

    So do these two mean the same thing?
    I feel like in the second case they lost the money, in the first they came close but did not.

  • Having worked there in the early 90s, I can tell you that the place runs more like Fairchild Semiconductor than Apple. RHIP and the left hand doesn't know what the right hand is doing.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...