The holiday season brings a flurry of online activity, from shopping for gifts to managing end-of-year business tasks. However, it also marks a peak time for cyber scams. With 97% of shoppers planning to do some of their holiday shopping online, and 44% planning to do more than half of it entirely online, scammers are eager to digitally exploit companies and customers alike.
This means heightened risks for small businesses from phishing attempts, fake invoices, and other holiday-themed scams. By staying informed and proactive, businesses can protect themselves and make the most of the season without unnecessary disruptions.
Common Holiday Cyber Scams
Holiday Phishing Scams
This time of year, holiday phishing scams are always a challenge. They often involve claiming to be someone they’re not, commonly with the goal of getting sensitive information. Threatening messages, offers that sound too good to be true, company emails coming from a free service (like Gmail), and odd writing mistakes are all signs. Phishing can come in many forms, so always be on the lookout for fake contacts.
Fake Invoices
Some holiday scammers will send out fake invoices, hoping they slip under the radar and get paid along with all the legitimate invoices. That is especially difficult when digital systems can make scams look legitimate, such as the PayPal invoice scam we highlighted last year. Since the holidays leave many small businesses busy, a fake invoice may go completely undetected as staff take time off and sales increase.
Package Delivery Scams
An increasingly popular cyber threat is package delivery and missed package scams. Since businesses and customers alike receive a lot more packages during the holidays, delivery issues can be more believable. These often arrive via text or email and claim they’re from a popular online company like Amazon. They usually include a link, which may direct you to a contact form to attempt to steal personal info or your account login details.
Holiday Ad Scams
This type of scam involves paying for advertising services that don’t exist. In rare cases, the purchased ad may technically exist, but it’s not in a place where anyone will view it. Other gray areas involve charging high fees for low-quality ads or setting up listings that may take little time or effort. As many companies consider investing more in advertising and awareness for upcoming sales, using a trusted advertising partner is important.
Online Shopping Scams
While small businesses may offer sales of their own, they can also be customers. Whether needing office supplies, product materials, or bulk technology upgrades, the holidays are a great time of year to get discounts. If a sale sounds too good to be true, such as a $1500 laptop that only costs $300, then it likely is.
Gift Card Scams
Gift cards have been scammers’ go-to choice for over a decade. These are more likely to target employees and usually appear to be coming from a higher-up, such as the CEO. They often arrive via text and may claim someone in the company urgently needs gift card codes sent to them. Cybersecurity awareness is the best defense; people are less likely to fall for a scam if they know it’s possible.
Fake Business Awards
It’s natural for businesses to want to be recognized for everyone’s hard work. There are many legitimate awards, like CRN’s MSP 500 award. However, many business awards take advantage of this with made-up vanity awards that sound similar to real awards and hold no value. Applications often include small submission fees. From there, if a company is chosen as the “winner” of an award, they may have to pay additional money for whatever trophy, plaque, etc. is given.
Charity Scams
Kindness is a common theme during the holidays, but generosity is sometimes taken advantage of. Charity scams are more likely to happen during this time of year, often involving convincing pitches to convince small businesses that something is a worthy cause. The donation amount might even seem modest. However, it’s essential to check every request to ensure the charity exists and that most money goes towards the given cause.
Overpayment Scams
With this type of scam, a customer may send an overpayment for something they purchased. It’s more likely to happen with fake checks, where they send one for more than the amount needed. From there, they request you send the difference back and may even offer to let you keep a portion of what was accidentally sent. Eventually, the check will bounce, meaning the deposited money is not in your bank account, and the amount sent to the scammer is lost.
Social Media Scams
Not all cyber scams during the holidays take a soft-handed approach. An urgent fake support message is a common Facebook social media scam that targets small businesses. The scammers create a page, tag the company so it shows up in their notifications, and then scare them into clicking a link directly within the notification. Threats can come in many forms, such as claiming there’s an urgent security issue or threatening to lock the business account.
Tips for Avoiding Holiday Cyber Scams
The holiday season brings not only joy but also an increase in cyber scams targeting individuals and businesses. Scammers take advantage of the busy time, creating convincing traps to steal sensitive information or money. Protect yourself and your business with these essential tips:
- Stay Alert to Phishing Attempts: Be cautious of unexpected emails, texts, or messages that claim to be from reputable companies or individuals. Look for odd email addresses, grammatical errors, and urgent or threatening language.
- Verify Invoices Before Paying: Carefully review every invoice, especially during busy periods. If something seems off, contact the sender through official channels before processing payment.
- Inspect Delivery Notifications: Avoid clicking on links in package delivery emails or texts. Instead, check the status of shipments directly on the carrier’s official website.
- Use Trusted Advertising Partners: When investing in ads, research vendors thoroughly. Avoid deals that seem too good to be true or lack transparent details about where ads will appear.
- Shop Safely Online: Stick to well-known retailers and verify website authenticity. If a deal seems suspiciously low, it’s likely a scam.
- Educate Employees on Gift Card Scams: Train staff to recognize fake requests for gift cards, especially those claiming to be from company leadership.
- Validate Business Awards and Charities: Confirm the legitimacy of any award invitations or donation requests before providing money or personal information.
- Beware of Overpayment Schemes: Don’t refund overpaid amounts until payments are fully clear. Be especially wary of check payments.
- Monitor Social Media Activity: Look out for fake support messages or urgent notifications on social platforms. Verify communication through official business channels.
By remaining vigilant and following these tips, you can reduce the risk of falling victim to holiday cyber scams. Education and awareness are your best defenses against these evolving threats.
What To Do if Your Business Falls for a Cyber Scam
If your business becomes a victim of a cyber scam, follow these steps to address the issue and minimize further damage:
- Identify the Breach: Determine how the scam occurred and what has been compromised, such as financial transactions, sensitive data, or login credentials.
- Secure Accounts: Update passwords for affected accounts and enable multi-factor authentication. Disconnect any unauthorized access to systems or devices.
- Report the Incident: File a complaint with the FBI’s Internet Crime Complaint Center (IC3) and report the scam to the Federal Trade Commission (FTC). Notify your financial institution if there are any losses.
- Dispute Fraudulent Charges: Contact your bank or payment processor to stop or reverse unauthorized transactions and secure your accounts.
- Notify Affected Parties: Inform employees, customers, or partners who may be impacted by the scam and provide guidance on how to protect themselves.
- Assess the Damage: Review your systems and data for potential vulnerabilities or additional compromises.
- Strengthen Cybersecurity: To prevent future scams, implement stronger cybersecurity measures, such as employee training, system monitoring, and professional IT support.
By following these steps, your business can recover from a cyber scam and be better prepared for potential future threats.
How To Report a Holiday Cyber Scam
If you encounter a holiday cyber scam, reporting it can help protect others and assist in holding scammers accountable. You can file a complaint with the FBI’s Internet Crime Complaint Center (IC3) if you or someone you know has been targeted. Additionally, you can report scams to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov. While the FTC doesn’t solve individual cases, your report helps them investigate and act against fraud.
Stay Safe This Holiday Season With ITonDemand
The holiday season often brings an increase in cyber scams like phishing emails, fake invoices, and package delivery fraud, making it challenging for small businesses. Protecting your business requires more than just vigilance; it takes a proactive approach. At ITonDemand, we specialize in helping businesses stay secure with comprehensive cybersecurity solutions tailored to combat these growing threats.
From 24/7 monitoring and employee training to robust data protection, we provide the expertise and tools you need to safeguard your operations. With ITonDemand handling your cybersecurity, you can focus on running your business and enjoying the holidays with peace of mind.