The Holiday Hustle: 5 Scams That Target Businesses During Peak Season
Written By
Banc of California
Many business owners look forward to the holiday season and the surge in sales it brings. But this can be a double-edged sword. Higher transaction volumes, tighter deadlines and seasonal staff can leave you vulnerable to common business scams. Fraudsters know that distracted owners and overworked teams are less likely to scrutinize emails, invoices and phone calls, which can result in inadvertently paying deceptive bills or disclosing sensitive information.
Don’t let your business become a victim this year. Start protecting yourself by understanding the top scams that target businesses in busy seasons, and how to help prevent them.
Scam No. 1: Fake Invoices and Vendor Impersonation
Invoice fraud and vendor impersonation scams are actually common year-round. It typically starts when a fraudster sends you a realistic-looking invoice or spoof email requesting an urgent payment. They’re typically very close to the real thing in terms of formatting, logos and language, making them difficult to spot at first glance.
During the holidays, they’re even more effective, since businesses are often processing dozens or even hundreds of invoices while focusing on keeping their supply chains moving. In the chaos, it’s easy to miss red flags like an email address that’s not quite right or an unexpected payment request. Unfortunately, even a single rushed payment could result in thousands of dollars in losses.
Protect yourself: Implement a consistent verification process, even when time is tight. Check invoice amounts and payment terms against your records. And if payment information has changed, verify using a known phone number, rather than email alone.
Scam No. 2: Phishing “Rush Orders” or Urgent Purchase Requests
During the holiday season, phishing scams for businesses often rely on urgency. For example, this scam often starts with someone pretending to be an executive, client or vendor with a time-sensitive purchase request. They’ll use pressure, telling staff that the order “must ship today” to bypass the normal approval process.
During peak season, even companies with a business fraud prevention program in place could fall victim when they’re focused on keeping customers happy.
Protect yourself: Slow down, even when you feel pressured. If in doubt, always verify over the phone using a trusted number. Set a company policy that all urgent payment requests must be verified through a secondary channel, and large payments must be approved by two authorized individuals.
Scam No. 3: Gift Card and Reimbursement Scams
Gift cards have become one of the trendiest holiday scams for businesses. Often, someone posing as the business owner or senior executive sends an email or text message requesting immediate purchase of bulk gift cards for client gifts, employee rewards or vendor appreciation gifts. Like many common business scams, it emphasizes urgency and asks the employee to buy the cards and send the codes via email or text.
It seems like a reasonable request during the holiday season, but once the codes have been sent, the funds are virtually impossible to recover.
Protect yourself: Always verify any unusual reimbursement or reward requests. Create and communicate a company policy that limits how gift cards are purchased and prohibits sending codes via email or text.
Scam No. 4: Fake Charities and Donation Requests
During the holiday season, business owners often want to give back to their communities while also maximizing their year-end charitable contributions. Unfortunately, scammers may take advantage of this by impersonating nonprofits, creating professional-looking websites, and using names that are similar to legitimate charities.
A well-timed contribution request can easily fly under the radar, leading to financial losses and the disappointment of finding out your contribution never reached those in need.
Protect yourself: Avoid clicking links in donation emails. Instead, go directly to an organization’s website and use official payment channels. If donating to a lesser-known charity, check its registration with the IRS or a state database.
Scam No. 5: Social Engineering and Impersonation Calls (Vishing)
In the past, business fraud protection often focused on avoiding email scams, but advances in technology have created new dangers. With social engineering fraud, scammers “hack” people instead of technology. They use voice phishing, or “vishing,” to impersonate trusted individuals over the phone. They may pose as a company executive, bank representative, IT support person or government official, asking for sensitive information like log-in credentials or account numbers.
These calls are often very convincing. They may have gathered information about the company to establish credibility and will stress the urgency of the situation, hoping to override normal caution.
Protect yourself: Never share log-in credentials or transaction information by phone, even if the caller and caller ID seem legitimate. If someone claims to be a business partner or calling from a trusted institution, hang up and call back using a verified number from the organization’s official website or your records. Train all staff members to say they must verify through official channels and report suspicious calls immediately.
How to Protect Your Business Year-Round
While scam activity may spike during the holidays, fraud prevention should be a part of your everyday business strategy. Use these precautions to help minimize risk and protect your company:
- Establish internal controls: Require dual approvals for payments and account changes. Reconcile transactions daily and maintain verified, up-to-date contact lists for vendors and partners. Do not accept new payment instructions without verifying with individuals from the original instructions using the former contact information.
- Train your team: Educate employees and third-party partners about common scam tactics, such as phishing, vendor impersonation, invoice fraud and vishing. Include reminders regularly in team meetings and onboarding.
- Leverage your bank’s security tools: Use transaction alerts, ACH blocks, company ID and origination limits, Positive Pay, and multifactor authentication to add extra protection to your accounts and systems.
Stay Vigilant During the Holiday Rush
Falling for a holiday scam can cost you time and money, and create operational disruptions that continue well into the new year. Effective holiday fraud awareness for businesses starts with recognizing the tactics criminals use.
While scams used to be primarily aimed at business email compromise, fraudsters are getting more sophisticated every year. AI-generated content, spoofed phone numbers and detailed research about your company can make these attempts virtually indistinguishable from legitimate communications. A few extra seconds of caution could prevent costly errors.
Banc of California offers a range of resources to help keep your information and accounts secure, including alerts, educational webinars and customizable security controls. Explore more cybersecurity and fraud prevention articles on our Business Insights page.
As a reminder, Banc of California will never contact you via text, email or phone to request your password or other sensitive information.
CONNECT WITH A RELATIONSHIP MANAGER
COMPLETE THIS FORM OR CALL
877-770-BANC (2262)