The thieves’ plan wasn’t particularly complicated, but it almost worked. All it took was one email, which looked like a normal company message from the CEO of Mattel, Inc. to a high-ranking finance executive, asking for a new vendor transaction to a Chinese account. The executive thought everything checked out — the email looked like it was from her new boss, Mattel’s CEO Christopher Sinclair, so she sent the requested sum of $3 million off to the Bank of Wenzhou. But it wasn’t from Sinclair. Sinclair had never heard of the vendor request, and the struggling toy company’s $3 million was somewhere in the digital jungle, stolen by a shadowy network of cyberthieves who have scammed major companies out of more than $1.8 billion, according to The Associated Press.
The “Fake CEO” or “Fake President” scam is essentially just the “go big or go home” version of “phishing,” a common hacking or scamming technique where a criminal sends an email masquerading as a trusted person or company and asks for money, login information, or other personal details. It’s been used to steal celebrities’ nude photos, customer data, and even to “save” stranded Nigerian Astronauts. This time, it netted a thief or thieves a huge payday — until Mattel managed to get the money back.
Mattel’s first move was to frantically call its bank, the police, and the FBI. Despite their success at forensic investigations, the FBI told the toymakers they were shit out of luck, as the money was already far out of their jurisdiction (i.e. China.)
It wasn’t the first time. An Associated Press investigation found that Wenzhou has become a hub of international money laundering and cyber crimes, rerouting millions of dollars from gullible CEOs and citizens around the world to various nefarious enterprises. As one of the global economy’s biggest trading partners, China has both strong economic ties to nearly every western economy and a shaky criminal justice system with a history of corruption, making it the ideal environment for international crime networks.
The $3 million theft wasn’t even Mattel’s first blunder in China. In 2007, it had to recall 19 million Chinese-made toys for safety defects like lead paint and magnetic Barbie sets. In 2009, it opened the ill-fated “House of Barbie,” a lurid-pink six-story monument to the American icon in the middle of Shanghai’s shopping district. House of Barbie flopped after just two years; Mattel’s next move was a racially-insensitive “Violin Soloist Barbie” marketed to Chinese “tiger moms.” Now $3 million dollars were missing, and Mattel desperately needed to get its shit together.
Fortunately, the company hit its first stroke of luck. The funds were transferred on April 30, 2015. Usually, stolen money filters through Wenzhou’s small businesses and can disappear to anywhere in the world, but Friday, May 1, was a bank holiday. By the time the banks opened the following Monday, a Chinese Mattel executive had managed to get to the city and present the Bank of Wenzhou with a signed letter from the FBI. The bank immediately froze the accounts, and Mattel got its money back a few days later.
Mattel was also lucky that Chinese authorities have been cracking down on corruption as their economy slows, trying to bolster their international legitimacy.
“If we need help getting corrupt officials or bribes back, we need to offer assistance when other countries need it too,” Huang Feng, Director of the Institute for International Criminal Law at Beijing Normal University told AP. “The problem is not that the Chinese authorities have been uncooperative, it’s that we don’t have a relevant legal framework to implement.”
Both parties saw the crazy digital-crime caper as a landmark case for future cooperation, although if not for the bank holiday it might have had a very different ending. Mattel thanked the Wenzhou police, saying they “showed a great sense of responsibility and enforcement capability,” and that they hoped the case “can pave the way for future international cooperation in fighting similar transnational crimes.”
Mattel got their $3 million back (though who knows how much they spent trying to recover it), but the perpetrators vanished back into the digital wilds. And they’re taking better care now; the company told AP that they’ve tracked more than a dozen similar hacks since the Wenzhou caper. There’s no word as to whether the financial executive kept her job, but she certainly has a hell of a dinner party story to tell now.