The Holiday Scam That Empties Accounts (And How To Make Yours Untouchable)

The year-end rush is a gift to scammers. Impersonation. Payment switch-ups. “Do me a favor, buy gift cards.” These aren’t clumsy scams—they’re scripted cons built on research about your company. One gap in process is all it takes.

Why firms get hit in December:

  • Speed over scrutiny: filings, vendor payments, year-end bonuses.
  • Distributed teams: more approvals happening by text and e-mail.
  • Noise: real messages buried under promos and holiday chatter.

The 5 Cons You’ll See (and the counter-moves):

  1. "We need gift cards for clients—right now."
    Counter-move: Create a written policy: No gift cards via text/e-mail. Two approvals required for any gift cards. Only Finance can send cards.
  2. "Updated banking details" from a trusted vendor.
    Counter-move: Verify changes by phone using a saved number.
  3. "Reschedule your delivery" links.
    Counter-move: Go direct—type the carrier site; blocklist lookalike domains.
  4. "Holiday party schedule" attachments.
    Counter-move: Block Office macros; open previews in a cloud viewer rather than locally; quarantine unexpected attachments.
  5. Fake charity & year-end giving drives.
    Counter-move: Publish an approved charity list and a single giving portal.
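One way to put the "blocklist lookalike domains" counter-move from item 3 into code, as an added example that is not part of the original post: it classifies a link or sender domain as trusted, lookalike or unrelated against a small carrier allowlist. The `TRUSTED_DOMAINS` list, the `HOMOGLYPHS` table and the one-character typo threshold are constructed assumptions for illustration; substitute the carriers your company actually uses.

```python
"""Lookalike-domain check for "reschedule your delivery" links (added example;
TRUSTED_DOMAINS and HOMOGLYPHS are constructed, not from the original post)."""
import unicodedata

TRUSTED_DOMAINS = {"ups.com", "fedex.com", "usps.com", "dhl.com"}  # constructed
# Heuristic character swaps seen in lookalikes; multi-character ones go first.
HOMOGLYPHS = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"),
              ("3", "e"), ("5", "s"), ("7", "t")]

def _normalize(domain: str) -> str:
    """Fold accents, full-width letters and digit/letter swaps, for comparison only."""
    d = "".join(ch for ch in unicodedata.normalize("NFKD", domain)
                if not unicodedata.combining(ch))
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d

def _registrable(domain: str) -> str:
    """Crude eTLD+1 (last two labels); fine for the .com carriers above."""
    return ".".join(domain.split(".")[-2:])

def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a link or sender domain."""
    raw = domain.strip().lower().rstrip(".")
    try:
        raw = raw.encode("ascii").decode("idna")  # decode punycode (xn--) labels
    except UnicodeError:
        pass  # already Unicode or malformed punycode: compare as given
    if _registrable(raw) in TRUSTED_DOMAINS:
        return "trusted"  # exact match on the real registrable domain only
    norm = _normalize(raw)
    labels = norm.replace("-", ".").split(".")  # ups-delivery.com -> ups, delivery, com
    brand = _registrable(norm).split(".")[0]
    for trusted in TRUSTED_DOMAINS:
        name = trusted.split(".")[0]
        if name in labels:  # carrier name reused as a label or hyphen token
            return "lookalike"
        if len(brand) >= 4 and levenshtein(name, brand) <= 1:  # one-character typo
            return "lookalike"
    return "unrelated"
```

Run it over the sender and link domains pulled from a mail gateway export and route anything that returns "lookalike" to quarantine for review.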

Make the crime impossible (or at least inconvenient):

  • The Two-Person Rule: any money move over $X requires a second voice confirmation on a different channel.
  • Multi-Factor Authentication everywhere: e-mail, payroll, banking, cloud.
  • Role-based gift card controls: finance only; monthly caps.
  • Quarter-hour huddle: show 3 real examples, rehearse the response.

Your 10-Minute Pre-Holiday Drill

  • Share this post with finance, admin, and partners.
  • Add “No gift cards by text/e-mail” to policy.
  • Pick a dollar threshold and document the phone call rule.
  • Turn on MFA across Microsoft/Google and bank portals.
  • Save vendor phone numbers outside of e-mail threads.

Free Rapid Holiday Hardening Call (15 minutes). We’ll set your thresholds, write the one-page approval policy, and configure MFA/app passwords correctly. If you want, we’ll also run a quick phishing fire drill for your team this week.

Book your slot!