Search

How can we help?

Icon

Phishers don’t discriminate against start-ups

Even giants like, Mattel (the toy-manufacturer), aren’t immune to the phishing attacks of those virtual villains who try to obtain sensitive information like credit card details and access codes in order get their hands on your money.

The funny thing is a lot of startups have various potentially-fatal misconceptions about the susceptibility of their business, including that they would not be of interest to phishers. On the contrary, phishers are aware that startups are more concerned about growth and increasing profile than dealing with email scams, which most of us techies think we could handle anyway. It’s pretty easy to spot and delete, right? Wrong.

Some businesses employ a two-step system for authorising bank transfers, which can offer some protection but that didn’t exactly stop phishers from penetrating Mattel’s two-step system and getting them to authorise a transfer of nearly £3 million to an account somewhere in China.

Monica Atwal

Managing Partner

View profile

+44 118 960 4605

Chambers and Partners

The Clarkslegal team are commercial and good to work with. They get what our business needs and tell me what I need to hear.

What happened to Mattel you ask? Well, an unnamed senior executive received an email requesting a bank transfer from the CEO Mr Sinclair (or so she thought). Before authorising the transfer, she did not question it because she thought she had satisfied the company’s policy.

Whatever your policy on payment of invoices and bank transfers in general may be, creating cultural awareness through training and communication is the key to preventing phishing.  Everyone is at risk of falling into a phishing net, regardless of seniority or how tech-savvy you are.

For example, make it a habit to step away from your emails when you receive a request for sensitive information or an email attaching an invoice for payment. Call up the person who you think sent you the email to double check that all is in order. You should not just give up information or open up an attachment because you think a trusted source has sent it.

This is not to say that you should slow down your business operations, it simply means that you should encourage your team to communicate with each other and err on the side of caution in certain circumstances. Mattel was lucky and did manage to get its money back but not all phishing experiences will end the same way and can have a devastating effect on a startup.

About this article

Disclaimer

This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Monica Atwal

Managing Partner

View profile

+44 118 960 4605

About this article

Read, listen and watch our latest insights

art
  • 16 January 2025
  • Corporate and M&A

Business Asset Disposal Relief: Changes to CGT Relief and the Consequences for Business Owners

Developing a robust cybersecurity strategy is essential to ensuring value retention, securing sensitive data, minimising risks and a seamless transfer during and after the merger or acquisition.

art
  • 14 January 2025
  • Employment

Is this the end of working from home?

In this article, we explore what legal rights employees and businesses have in this context as well as considering more commercial factors.

art
  • 13 January 2025
  • Litigation and dispute resolution

Looking ahead to Dispute Resolution in 2025

2025 is shaping up to be a busy year with  a number of important changes due to be implemented by new legislation. In this article we take a look at a few of the changes affecting litigation and Dispute Resolution. 

Pub
  • 13 January 2025
  • Corporate and M&A

Preparing your business for exit – London Seminar

Join Stuart Mullins, Partner at Clarkslegal, and Nicky Goringe Larkin, Managing Director at Succession Planning, for a seminar on preparing your business for exit at Goringe Accountants London office.

Pub
  • 10 January 2025
  • Privacy and Data Protection

UK Data Protection: What happened in 2024 and what’s in store in 2025?

It’s been a year of political change and uncertainty for data protection. Join our data protection webinar, where we will discuss the implications of the Data Protection and Digital Information Bill not passing and the upcoming Digital Information and Smart Data Bill from the King’s Speech, which will affect existing laws.

art
  • 09 January 2025
  • Corporate and M&A

Business Owners: Reflecting on 2024 and what to expect from the New Year

In this article, we reflect on some of the changes made in the past year and look forward to what business owners might expect for the year ahead.