Search

How can we help?

Icon

Phishers don’t discriminate against start-ups

Even giants like, Mattel (the toy-manufacturer), aren’t immune to the phishing attacks of those virtual villains who try to obtain sensitive information like credit card details and access codes in order get their hands on your money.

The funny thing is a lot of startups have various potentially-fatal misconceptions about the susceptibility of their business, including that they would not be of interest to phishers. On the contrary, phishers are aware that startups are more concerned about growth and increasing profile than dealing with email scams, which most of us techies think we could handle anyway. It’s pretty easy to spot and delete, right? Wrong.

Some businesses employ a two-step system for authorising bank transfers, which can offer some protection but that didn’t exactly stop phishers from penetrating Mattel’s two-step system and getting them to authorise a transfer of nearly £3 million to an account somewhere in China.

Monica Atwal

Managing Partner

View profile

+44 118 960 4605

Chambers and Partners

The Clarkslegal team are commercial and good to work with. They get what our business needs and tell me what I need to hear.

What happened to Mattel you ask? Well, an unnamed senior executive received an email requesting a bank transfer from the CEO Mr Sinclair (or so she thought). Before authorising the transfer, she did not question it because she thought she had satisfied the company’s policy.

Whatever your policy on payment of invoices and bank transfers in general may be, creating cultural awareness through training and communication is the key to preventing phishing.  Everyone is at risk of falling into a phishing net, regardless of seniority or how tech-savvy you are.

For example, make it a habit to step away from your emails when you receive a request for sensitive information or an email attaching an invoice for payment. Call up the person who you think sent you the email to double check that all is in order. You should not just give up information or open up an attachment because you think a trusted source has sent it.

This is not to say that you should slow down your business operations, it simply means that you should encourage your team to communicate with each other and err on the side of caution in certain circumstances. Mattel was lucky and did manage to get its money back but not all phishing experiences will end the same way and can have a devastating effect on a startup.

About this article

Disclaimer

This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Monica Atwal

Managing Partner

View profile

+44 118 960 4605

About this article

Read, listen and watch our latest insights

art
  • 12 September 2024
  • Privacy and Data Protection

2024 in review: tracking key data protection developments

As we approach the final quarter of 2024, it’s an opportune moment to revisit the data protection trends and developments that were anticipated at the end of 2023. Now, let’s see how those predictions have played out.

art
  • 10 September 2024
  • Employment

Sun, Fun and fairness – Amanda Glover writes for Business Voice magazine

Amanda Glover in Business Voice magazine discusses how employees at Harrods, the iconic luxury department store in London, are considering strike action over what the workers deem to be a discriminatory annual leave policy.

Pub
  • 06 September 2024
  • Corporate and M&A

How to exit your business – Reading Seminar

Due to popular demand, Nicky Goringe Larkin and Stuart Mullins, will be hosting a repeat of the ‘How to exit your business’ seminar at Clarkslegal’s Reading office.

Pub
  • 05 September 2024
  • Public Procurement

Public Procurement Annual Update 2024

The Procurement Act 2023 is coming into force on 28 October 2024, bringing with it major changes to public procurement procedures and legal remedies. Join our Public Procurement team as they provide you with the essential information you need to know.

art
  • 02 September 2024
  • Employment

Social Media – how private is your personal data

Nowadays most people have at least one social media account. Whether it’s Facebook or TikTok, X, or LinkedIn, most adults have an online presence.

art
  • 29 August 2024
  • Privacy and Data Protection

What a controller or a processor needs to know…in a nutshell

Data processing agreements are a common feature of contracts for the supply of services, for example often featuring as self-contained schedules to master services agreements.