Mattel Barbie dolls
Mattel, known for its Barbie dolls, was the victim of an email phishing scam that almost cost the firm $3m Reuters

US toy company Mattel, the maker of Barbie dolls and Hot Wheels cars, was the victim of a sophisticated email phishing scam in 2015 that enabled cybercriminals to almost get away with $3m (£2.1m), but luckily a Chinese bank holiday and efforts by Chinese authorities managed to prevent the loss.

In April 2015, Mattel underwent corporate change, firing its CEO Bryan Stockton and instating Christopher Sinclair to take his place. Crafty Chinese cyber thieves sought to use this to their advantage by sending an email in Sinclair's name to an unnamed financial executive on Thursday 30 April 2015 requesting a new vendor payment to China, according to an Associated Press investigation into financial crimes in Wenzhou, Zhejiang province.

Hackers understood Mattel's internal corporate procedures

Mattel's company policy requires that two high-ranking managers are needed to approve any fund transfers made, and somehow the cybercriminals knew that this executive was qualified to make such a transfer, likely by hacking into corporate emails and researching social media in order to understand Mattel's corporate hierarchy and payment procedures.

So when the executive received the email from Sinclair, her new boss, she double-checked protocol, found that she was qualified to make the transfer and then immediately complied with his request, wiring over $3m to the Bank of Wenzhou.

Hours later, the executive casually mentioned the transfer to Sinclair and discovered that he hadn't made any such request, prompting frantic calls from Mattel to their US bank, the police and the FBI.

Unfortunately, the money had already reached China, just one of many transactions in a rising trend where US companies are tricked by fake CEO email scams into sending money through Chinese or Hong Kong banks to cybercriminals, with Wenzhou being the central base of an estimated 90% of the funds.

Luckily Chinese authorities stepped in

The incident couldn't have come at a worse time – in addition to the corporate upheaval, Mattel's operations in China had been struggling, and the company was in the process of repositioning itself as a child-development brand in the country.

However, luckily China was having a bank holiday on Friday 1 May 2015 for Labour Day, so Mattel notified Wenzhou police, which quickly launched a criminal investigation. And on the following Monday when the bank reopened, the Bank of Wenzhou froze the funds and the money was returned to Mattel two days later, according to a letter from Mattel thanking the Chinese authorities that was seen by AP.

It is still not known who was behind the scam, and documents seen by AP show that Mattel has tracked at least a dozen more phishing attempts, but it seems that Chinese authorities are improving international cooperation, especially as they pursue corrupt Communist Party officials who flee overseas with ill-gotten gains.