Search

How can we help?

Icon

Phishers don’t discriminate against start-ups

Even giants like, Mattel (the toy-manufacturer), aren’t immune to the phishing attacks of those virtual villains who try to obtain sensitive information like credit card details and access codes in order get their hands on your money.

The funny thing is a lot of startups have various potentially-fatal misconceptions about the susceptibility of their business, including that they would not be of interest to phishers. On the contrary, phishers are aware that startups are more concerned about growth and increasing profile than dealing with email scams, which most of us techies think we could handle anyway. It’s pretty easy to spot and delete, right? Wrong.

Some businesses employ a two-step system for authorising bank transfers, which can offer some protection but that didn’t exactly stop phishers from penetrating Mattel’s two-step system and getting them to authorise a transfer of nearly £3 million to an account somewhere in China.

Monica Atwal

Managing Partner

View profile

+44 118 960 4605

Chambers and Partners

The Clarkslegal team are commercial and good to work with. They get what our business needs and tell me what I need to hear.

What happened to Mattel you ask? Well, an unnamed senior executive received an email requesting a bank transfer from the CEO Mr Sinclair (or so she thought). Before authorising the transfer, she did not question it because she thought she had satisfied the company’s policy.

Whatever your policy on payment of invoices and bank transfers in general may be, creating cultural awareness through training and communication is the key to preventing phishing.  Everyone is at risk of falling into a phishing net, regardless of seniority or how tech-savvy you are.

For example, make it a habit to step away from your emails when you receive a request for sensitive information or an email attaching an invoice for payment. Call up the person who you think sent you the email to double check that all is in order. You should not just give up information or open up an attachment because you think a trusted source has sent it.

This is not to say that you should slow down your business operations, it simply means that you should encourage your team to communicate with each other and err on the side of caution in certain circumstances. Mattel was lucky and did manage to get its money back but not all phishing experiences will end the same way and can have a devastating effect on a startup.

About this article

Disclaimer

This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Monica Atwal

Managing Partner

View profile

+44 118 960 4605

About this article

Read, listen and watch our latest insights

Pub
  • 19 May 2025
  • Corporate and M&A

Thinking of exiting your business? Part 2

In the second instalment of our three-part series, join Stuart Mullins from Clarkslegal and Nicky Goringe Larkin from Succession Planning as they discuss the complexities surrounding business financing, accounting practices, and valuation strategies, along with key insights into private equity.

Pub
  • 16 May 2025
  • Employment

London Seminar – Understanding the Employment Rights Bill: Legal changes and what they mean for HR

We are pleased to invite you to an in-person seminar at our London office on Tuesday 24th June, hosted by our Employment Law team. Join Monica Atwal, Managing Partner; Katie Glendinning, Partner; and Amanda Glover, Associate, as they unpack the legal implications of the new Employment Rights Bill and what it means for your organisation.

Pub
  • 16 May 2025
  • Employment

Reading Seminar – Understanding the Employment Rights Bill: Legal changes and what they mean for HR

We are pleased to invite you to an in-person seminar at our Reading office Tuesday 17th June hosted by our Employment Law team. Join Monica Atwal, Managing Partner, Katie Glendinning, Partner and Amanda Glover, Associate, will unpack the legal implications of the new Employment Rights Bill and what it means for your organisation.

art
  • 15 May 2025
  • Immigration

The 2025 Immigration White Paper: A Turning Point in UK Immigration Policy

On 12 May 2025, the UK Government unveiled its White Paper titled “Restoring Control Over the Immigration System”, outlining the most substantial proposed changes to immigration law since the post-Brexit overhaul.

Pub
  • 15 May 2025
  • Employment

TUPE Podcast Series – Information and Consultation Obligations

In this ninth episode of our TUPE Podcast Series, Katie Glendinning, a Partner in the employment team, will examine the information and consultation obligations under TUPE.

art
  • 15 May 2025
  • Privacy and Data Protection

Ashley v HMRC – The High Court clarifies the scope of Data Subject Access Requests

DSARs are very rarely the subject of litigation, and they are even rarer in the High Court, so the case of Ashley v HMRC is a valuable decision for both data subjects and data controllers.