The holiday season is upon us — a season of joyful giving for most of us, but for scammers, it's the season of iniquitous taking. While most holiday scammers victimize individuals, many fraudsters target employees and businesses, too.
What are the most common holiday scams?
Make sure your company keeps an eye out for the following scams:
Corporate giveaway scams
Fraudsters commonly trick people into purchasing gift items online, then either do not fulfill orders or deliver items that are fake or very different from the advertised item. Some scammers take this modus operandi further by targeting businesses that are looking to buy giveaways or gifts for staff members and loyal customers. If your purchasing agent does not perform due diligence, they may end up sending company funds to scammers.
Free gift card scams
Who doesn’t like getting something for free? That’s what gifts are, essentially, so if a well-known company like Target sends emails offering free gift cards, people tend to think that the company is simply being generous. However, they fail to consider that this might be a phishing scam. Phishing emails often contain a link to a web page that will ask for their personal information in exchange for a gift, like a free gift card or rewards points. Needless to say, the victims don’t get the promised gifts, but the scammers obtain the info they need to perform identity theft.
While most cybercriminals do no more than hit their victim’s personal accounts, others use the information they’ve stolen to pose as their victims. They’d then send spoofed emails to the victims’ coworkers and trick them into divulging sensitive company information or making fraudulent transactions.
Holiday-themed phishing emails
Around Thanksgiving, nearly everyone gets inundated with emails for Black Friday and Cyber Monday promotions and other holiday deals. Scammers take advantage of this by sending spoofed emails that seem to be from legitimate businesses. The emails often contain links to fake login and registration pages designed to steal visitors’ account credentials and personal information.
At other times, these emails contain links to malware-laced websites. If one of your employees mistakenly clicks one of those links, the malware may infiltrate your company network and initiate a ransomware attack or data theft.
While the pandemic has largely subsided, charities continue to use online fundraisers to obtain donations from companies. You may want to consider exclusively attending in-person events, as fraudulent online fundraising campaigns have proliferated these past few years. Or, if your favorite charity is holding only online events, make sure to exercise due diligence before donating money.
While most holiday scammers victimize individuals, many fraudsters target employees and businesses, too.
How can your business avoid holiday scams?
Fraudsters are a crafty bunch who painstakingly make their scams look like legitimate holiday-themed campaigns. However, you can use the following resources so that you won’t fall for their wily ways:
- Charity Navigator – While this resource is mainly used to see whether a charity is aligned with a benefactor’s corporate values, it also grants donors a look at how transparent, accountable, and fiscally sound nonprofits are. It also has an advisories page containing reports of suspected or confirmed misconduct by charities.
- Federal Trade Commission (FTC) scam alert – This web page on the FTC’s website is constantly updated with the latest scams. Sign up for their newsletter to get alerts on new types of fraud.
- Better Business Bureau (BBB) scam database – This website contains information on all sorts of scams that target businesses. It also allows visitors to check if a business or a charity is legitimate and see if that entity is BBB-accredited or not.
Most holiday scams are aimed at stealing people’s money, while others are designed to help cybercriminals sneak into your company network and steal valuable data. Protect your business by partnering up with Healthy IT. Learn more about our cybersecurity services by contacting our IT specialists today.