Thieves took advantage of a recent company shakeup and corporate policy regarding payments

Mattel, the popular toy maker behind Barbie and Hot Wheels, was the victim of a Phishing attack last year that nearly cost them $3 million. The only thing preventing a total loss was a mixture of timing and luck, because the day following the attack happened to be a banking holiday in China.

Details of the attack against Mattel come from a report by the Associated Press, investigating money laundering and other financial crime in Wenzhou, China.

On April 30, 2015, a finance executive got a note from the newly installed CEO, Christopher Sinclair, requesting a new vendor payment to China. The finance executive didn’t see anything wrong with the request, but checked protocol anyway.

Transfers required approval from two high-ranking managers; she qualified and so did the CEO. The transfer was made. In total, $3 million was wired to the Bank of Wenzhou in China. She mentioned the payment later to Sinclair, who denied making the request. Mattel contacted law enforcement and their U.S. bank, but were told that it was too late – the money was gone.

The thieves had hit Mattel at just the right time. A new CEO had just started and the company was getting ready for massive growth in China, so payments to the nation wouldn’t be out of order.

To further their schemes, according to a source who spoke to the Associated Press on the condition that they not be named, the thieves likely did some homework. Prior to the attack, the person(s) responsible researched how the company operates regarding payments, mined social media to learn the names of key individuals, and compromised corporate email in order to make the request look as legitimate as possible.

But Mattel got lucky. May 1 was a banking holiday in China. The following Monday they were able to get assistance from local law enforcement and banking officials to freeze the account that held the stolen funds. Two days later, the money was recovered.

There have been a number of high-profile Phishing attacks against corporations over the last few years. At first, the target was wire payments, and as the Associated Press discovered, most of the money stolen in those cases is sent to Wenzhou, China.

But the latest scams target an organization’s employees, seeking W-2 records that enable tax fraud and identity theft.

In the first quarter of 2016 alone, more than three dozen organizations have been targeted by scammers Phishing for W-2 records or similar employment details, such as salary information, withholding details, and PII (Personally Identifiable Information).

“Business email fraud is the latest phishing tactic being used against companies by cyber attackers and it’s successful because it’s easy to do and it works. Despite all the awareness campaigns, people still fall for phishing attacks, especially if they impersonate someone they know,” said Oren Falkowitz, co-founder and CEO of startup Area 1 Security. “We are only going to see social engineering targeting corporate employees grow and education won’t stop it. The industry needs to have a greater focus on taking effective action to stop these threats from reaching the end user in the first place.”