Toy manufacturing giant Mattel was recently the target of a whaling scam that could have been both highly embarrassing and extremely costly, if not for a single stroke of luck.

If you’ve not heard the term, “whaling” is a subset of the phishing scams that hackers commonly run, with the key distinction being that whaling scams tend to target high level executives of a given company on the thinking that a bigger target tends to yield a bigger prize.

In this case, the hackers took advantage of a period of relative chaos inside Mattel, owing to the transition of newly installed CEO, Christopher Sinclair. The attack took the form of targeting a high ranking executive within the company with an email that seemed to come from Sinclair himself. The email requested funds in the sum of $3 million USD to be wired to the Bank of Wenzhou for a vendor.

Everything appeared to be in order, so the executive complied with the request, only to discover several hours later that something was amiss. Unfortunately, since the transfer was already underway, it appeared that nothing could be done to reverse it.

This, however, is where fortune smiled. The next day was Good Friday, which is a bank holiday. The extra day allowed company officials to work with the Chinese government in order to see the transfer cancelled before the hackers could actually collect the money.

It was a lucky break for Mattel that could have ended very differently, and it underscores the fact that social engineering tricks can often undo even the best security protocols a company might have in place.

Too often, company executives forget that much of what they do is in the public eye, and that hackers are no doubt watching and aware. Especially during times of transition, it is all too easy for a seemingly innocuous email that appears to be from one of the key principles in a company could lead to a tragic, and extremely costly mistake.