Toy maker Mattel has recovered some US$3 million it shipped off to Chinese hackers who sent a well-crafted phishing email to a finance executive.

The recovery was mostly down to luck: the cash was wired on a Chinese bank holiday which meant the funds were held up and returned by fast-acting authorities.

Sources told Associated Press that the well-researched phishing email appeared to be written by newly-minted chief executive officer Christopher Sinclair, one of two execs required to sign off on large cash transfers.

The unnamed financial executive was also on the approved sign off list, and so the money was wired to the Bank of Wenzhou, China.

Attackers had harvested open source information on staff, and is thought sources say to have hacked Mattel in order to understand its corporate hierarchy and payment patterns.

Mattel rang the FBI and local and foreign banks, and later sent an anti-fraud investigator for the US$5.7 billion company into the Bank Wenzhou headquarters with an FBI letter in hand.

The bank is located in a region infamous for tunnelling cash stolen from CEO phishing scams.

The Barbie-making concern has since tracked a dozen more chief executive officer scams that have arrived since the attack. ®