Dive Brief:

• Toy maker Mattel was the victim of a phishing scam last year that almost cost the company $3 million, according to a report from the Associated Press.
• A financial executive accepted a request to wire $3 million to a bank in China for a new vendor payment. Later, realizing the request was a scam, the company jumped to stop the request, but the money was already in China.
• Luckily, the day following the attacks happened to be a banking holiday in China and Mattel was able to recover the funds. 

Dive Insight:

According to reports, last year an unnamed finance executive received an email from Mattel’s new CEO requesting a new vendor payment to China. The CEO never made such a request, however. Because the next day was a banking holiday local law enforcement and banking officials in China had enough time to freeze the account.

Mattel's brush with a phishing scam shows the ease of these attacks. Though the identity of the Mattel perpetrator is still not known, it’s clear he or she knew that there was a new CEO on board who may not have been familiar with all the toy maker’s accounts, and knew that Mattel’s business dealings in China were growing, preventing the payment from raising a red flag.

Phishing attacks against corporations have been growing over the last few years, and several high-profile attacks have taken place in just the last few months. On March 1, Seagate Technology gave up the 2015 W-2 forms of all its current and former U.S.-based employees in a phishing scam. The week before, Snapchat revealed it was also the victim of a phishing scam when an employee released company payroll information to an attacker pretending to be CEO Evan Spiegel. The payroll specialist that received the email did not realize it was a scam and dutifully responded with the requested data.