Chinese Scammers Take Mattel To the Bank, Phishing Them For $3 Million (www.cbc.ca)
itwbennett quotes a report from The Associated Press: Mattel, the popular toy maker behind Barbie and Hot Wheels, was the victim of a phishing attack last year that nearly cost them $3 million. On April 30, 2015, a Mattel finance executive got a note from the new CEO, Christopher Sinclair, requesting a new vendor payment to China. Transfers required approval from two high-ranking managers; the finance exec qualified and so did the CEO. The transfer was made. The only thing preventing a total loss was the fact that the following day was a bank holiday. Details of the attack against Mattel come from a report by the Associated Press, investigating money laundering and other financial crime in Wenzhou, China.
Interesting that this isn't reversible (Score:2)
When your mindset is based around US-style ACH bank payment, it's confusing that this isn't a reversible thing. I've had the experience of being overpaid several times, and the company just reverses the transfer. I guess wire transfers are just like handing a bag of cash over to the recipient?
This is an interesting story - I guarantee there are people in the company I work for who would happily fall for something like this and be in a position to approve a transaction of that size.
Re:Interesting that this isn't reversible (Score:5, Informative)
It would be reversible...if the money stayed in the destination account.
However, what they do is then split the money into many, many accounts, and keep moving it, travelling the world until it's laundered enough to recover.
As each account would require a court order to disclose what happened to the money in it, and different countries have different requirements to disclose and different languages, by the time they've chased down the money, it's already moved on - so they just don't bother.
Re:Interesting that this isn't reversible (Score:5, Informative)
Re: (Score:1)
afaiu moving money out of China is so tightly controlled that Chinese companies have resorted to suing themselves via US subsidiaries to get money out that way
Re: (Score:1)
Um. No. The reason why property became super hot is, (1) depositors get too low interest rates. Happened right around the Asian Financial Crisis, and continues until now. (2) There's not many other investment vehicles to invest in. The stock market is very immature right now. (3) Government encouraged the property bubble, because local government was/is funding a lot of debt through property sales.
China (Score:4, Interesting)
China isn't just any country. This isn't Romania. There are tons of controls on international transactions. Otherwise there would be a giant sucking sound for a month or two and China would be empty of funds.
No it wouldn't. China has huge currency reserves to combat currency speculation. While it's not impossible, it would be pretty difficult to drain China of cash.
This is why property is always super-hot in China and prices everyone out of the market - there's really nowhere else to invest money.
That's simply not true at all. Property is hot in China because they have 20% of the world's population and their economy is growing like crazy. There are other factors in play (including the banks) but the main driver is simply demand from an increasingly prosperous populace which couldn't own land until fairly recently.
Re:Interesting that this isn't reversible (Score:4, Informative)
http://www.npr.org/sections/mo... [npr.org]
Re: (Score:3)
It was reversible and they did reverse it.
From the Article
"Two days later, the money was recovered."
Re: (Score:2)
That rather depends on the jurisdiction where the bank's located. In England & Wales it's certainly not the case that you can automatically issue an "undo".
http://www.theguardian.com/mon... [theguardian.com]
In China, Vanuatu or some mailbox on a rock in the Caribbean ... anybody's guess. Probably depends how friendly the account holder is with the local officials.
Re: (Score:1)
That rather depends on the jurisdiction where the bank's located. In England & Wales it's certainly not the case that you can automatically issue an "undo".
If the money was held in Zurich, all you'd need to do is issue a Ctrl+Z.
It is and it was (Score:4, Insightful)
If you read the article that is precisely what happened. The Chinese bank froze the funds, and then reversed the transaction.
There are cases where someone can get screwed out of this happening, but when action is taken quickly it usually can be reversed since everything is tracked.
Wire transfers and counterparty risk (Score:2)
I guess wire transfers are just like handing a bag of cash over to the recipient?
It's a bit more nuanced than that but it's not far from the truth. If you send a wire transfer you may as well be handing the other party that amount of cash. It's not without utility but it definitely carries significant counterparty risk.
Re: (Score:2)
These email/phishing attacks are quite common. The company I work for has come close to falling for this. Luckily they contacted me prior to investigate. We receive variant attacks like this about 6 times a year.
Dumb (Score:4, Insightful)
Re:Dumb (Score:4, Insightful)
A simple phone call to the CEO would have confirmed the request was legitimate.
And how do you think ANY boss would feel about being continually questioned "Did you really mean this?" by their underlings?
Re: (Score:2)
Re: (Score:2, Informative)
Not OP nor anyone else in the thread here. I do a lot of daily work involving sums both up to and larger than this size. Before I can whip a check out the door, I have to go to a committee which has our country CFO and CEO or their designees present. Once approved there, I have to go to the global committee for the same (international company). Then I have to go to the people who actually control the company checking account, and they verify that I got approval from the first two groups. They basically chec
Re:Dumb (Score:5, Interesting)
Re:Dumb (Score:4, Informative)
Re: (Score:2)
Re:Dumb (Score:5, Insightful)
To be fair, if this transaction quantity and type is something you deal with regularly, you can see how you might become lax in your procedures.
No excuse, to be sure. But I have sympathy for them.
Re: (Score:3)
Why would you think to ask for approval from the CEO when the CEO just sent you approval?
Re: (Score:2)
Re: (Score:2)
I don't deal with anywhere near that much money or make bank transfers but I always talk to the person directly before I approve squat. I know there are a few people annoyed by it and have even complained but I don't care, it would surely have stopped something like this. I procure a lot of hardware and have small department heads that get blind approvals and then try to sandbag the purchases with upgrades and extra peripherals; they tend to get pissed when I take those quotes back to confirm approval only f
Re: (Score:2)
If you could determine that the email was faked then you wouldn't need to contact the CEO... because you already know it's fake.
Re: (Score:2)
No, (digitally) signed authorizations should be provided.
. . . and can we assume. . . (Score:3)
. . . .that the "finance executive" is no longer employed by Mattel ?? I note that in all the reports, this executive is carefully not named. . .
Re:. . . and can we assume. . . (Score:5, Funny)
. . . .that the "finance executive" is no longer employed by Mattel ?? I note that in all the reports, this executive is carefully not named. . .
In Mattel they don't kid around with failure. Not only are you "disappeared", they even continue the proud tradition of Damnatio memoriae, by which they delete every single mention of your name. Just as Horemheb tried to do with Akhenaten.
The pyramids were made by successively piling lego shaped rocks. Lego, the direct competence of Mattel! Coincidence? I think not.
Re: (Score:1)
Re: (Score:2)
Everybody makes mistakes. I can pretty much guarantee you that the exec in question won't easily fall for this again. If new procedures can come out of this that prevent these mistakes from happening again, then the 3 mil becomes an investment rather than a loss.
No they didn't (Score:4, Informative)
It's like Slashdot hasn't changed at all since the new Backslash guy or whatever his nick was took over. We're still getting all the duplicate stories and just plain wrong news. Sigh.
Re:No they didn't (Score:5, Insightful)
Perhaps you should meta moderate more?
Re: (Score:2)
I don't even get meta moderation anymore. IIRC, Rob Malda said I visit /. too much. :/
Re: (Score:1)
What exactly are you complaining about? The Slashdot title uses the word "phishing" which means "an attempt to acquire", which is exactly what it was: an attempt. Then the summary says things like "nearly cost them $3 million" and "The only thing preventing a total loss".
May I suggest learning reading comprehension before complaining about writing errors.
Re: (Score:2)
Re: (Score:1)
It's *somewhat* accurate. Essentially the phishing was successful, and it did go to the bank, but they were saved by a holiday which allowed them to later reverse the transaction.
Re:No they didn't (Score:4)
It's right there in the article.
Translation - Mattel was able to find the right banking and local law enforcement officials to bribe in China to get help on this and they were able to recover 90% of the money by only paying 10% out in bribes.
Not joking here. That's probably what really happened. Or the bad guys failed to bribe the right people in China to look the other way and the authorities decided to punish them by sending the money back.
offtopic semantic nazism (Score:1, Informative)
nearly cost them $3 million
cost them nearly $3 million
So do these two mean the same thing?
I feel like in the second case they lost the money, in the first they came close but did not.
Re:offtopic semantic nazism (Score:5, Informative)
From the Article
"Two days later, the money was recovered."
So the semantics from the summary were correct and it is the title that is somewhat inaccurate or at least misleading.
zoom enhance (Score:2)
I assumed that the hero had managed to dramatically yank out the plug before the progress bar got to the end.
Re:Three waves (Score:5, Funny)
The first wave of people to immigrate are the people seeking education.
The Puritans came to America not to escape from religious persecution in Europe but to learn how to grow corn from the Native Americans?
No surprises here (Score:2)
Having worked there in the early 90s, I can tell you that the place runs more like Fairchild Semiconductor than Apple. RHIP and the left hand doesn't know what the right hand is doing.