CEO Fraud at Mattel
April 30 of last year was a hectic time for Mattel. Barbie wasn’t selling, particularly overseas. They were still recovering from a fiasco involving the recall of 19 million Chinese-made toys that were covered with lead paint and another involving Barbie playsets that contained dangerous magnets. In 2009, Mattel opened a six-story Barbie theme store in Shanghai only to see it close two years later.
Only a month after new CEO Christopher Sinclair took over from his previously fired predecessor, a seemingly innocuous email was received by a finance executive for a new vendor payment of $3 million to China. The executive wanting to make a good impression of the new CEO checked protocol and found that such a transfer required approval from two ranking managers. Both she and the CEO who supposedly sent the request qualified.
Later that day, she mentioned the transfer to her boss who told her he had never sent the request. Mattel went into crisis mode calling both their bank and the FBI. Fortunately for Mattel, May 1 is Labor Day in China. When banks reopened after the holiday, Chinese authorities were there to freeze the account and thanks to a stroke of luck, on May 6 their $3 million was returned to them.
This is a textbook case of CEO fraud. The cybercriminals researched everything they could about Mattel’s corporate structure and payment schedules, most likely through hacking into executive emails and social media. Once they had the information they were looking for, all they had to do was send a phishing email to a financial executive asking for money. Not only did it work, once Mattel became aware of the problem they found a dozen more attempted attacks.
If you run a business, whether large or small, and are concerned that you might be open to CEO fraud or are worried your employees might not be adequately prepared to recognize it when it occurs, contact us for a consultation.