The Holiday Scam That Cost $60 Million
(And How to Make Sure It Doesn’t Happen to You)
Let’s set the scene: it’s December. The office is buzzing, everyone’s juggling end-of-year to-dos, holiday treats are making the rounds, and your team is running at full speed. In the middle of all that chaos, one of your employees gets a text from you (or so they think).
“Can you grab $3,000 in Apple gift cards for clients? Scratch the backs and email me the codes — need them fast.”
It’s a little weird... but hey, it’s the holidays, and things are moving fast. So, they do it.
Later, they find out it wasn’t you. The text came from a scammer using your name — and now the money’s gone.
This kind of scam really happened. And unfortunately, it’s far from rare.
When Distraction Meets Deception
During the 2024 holiday season, a chemical company in Europe was hit by something much worse. A staff member received what looked like normal payment requests — no red flags, just business as usual. They processed the transfers without a second thought.
By the time anyone realized it was a scam, $60 million had vanished into a cybercriminal’s account.
One phone call — just one — could’ve stopped it.
These aren’t fluke events. And they aren’t limited to big companies either. In fact, small businesses are often easier targets — especially during the holidays, when teams are overwhelmed, short-staffed, and focused on finishing the year strong.
5 Common Holiday Scams (And How to Spot Them Early)
Here are the biggest scams we’re seeing right now — and how to make sure they don’t land on your desk this season:
1. The Fake CEO Gift Card Request
“Can you run out and grab a few gift cards real quick?”
How it works: A scammer impersonates someone in leadership (often via text) and asks a team member to buy and send gift card codes ASAP.
How to prevent it:
- Create a hard rule: No gift cards without two-person approval.
- Let your team know: you’ll never make this kind of request by text or email.
2. Invoice & Banking Detail Switch-Ups
“Hey, our payment info has changed. Can you update it before the wire goes out?”
How it works: Fraudsters insert themselves into vendor email threads and send “updated” payment details — often just before a real invoice is due.
How to prevent it:
- Pick up the phone and call a known contact (not the number in the email) to verify any payment changes.
- Put a “call to confirm” rule in place for any payments over $5,000.
3. Phony Delivery or Shipping Notices
“Click here to reschedule your FedEx delivery…”
How it works: These look like legit shipping alerts from UPS, FedEx, or USPS, but the links lead to phishing sites or malware.
How to prevent it:
- Train staff to go directly to the carrier’s official site — no clicking links in texts or emails.
- Bookmark tracking sites your team uses regularly.
4. Malicious Attachments Disguised as Party Info
“Open the holiday schedule in the attachment!”
How it works: Email attachments like “Holiday_Party_List.xls” may contain hidden malware. One click can infect your system.
How to prevent it:
- Block macros in documents, since macros are a common way for an attachment like this to carry malware.
- Train your team to pause and verify unexpected attachments, even if they look friendly.
5. Fake Charities and Fundraisers
“Double your donation with a company match!”
How it works: Scammers set up fake charity pages or send phishing emails pretending to be from well-known organizations or your own HR team.
How to prevent it:
- Share a list of approved charities with your team.
- Funnel all donations through verified portals — not email or text links.
Why These Scams Work (And How to Shut Them Down)
Cybercriminals are smart. They don’t rely on shady-looking emails anymore. Instead, they take time to research your company, mimic your vendors, and target your busiest team members.
The good news? A few simple tools can shut down most of these attacks:
✅ Phishing training cuts risk by 60%
✅ Multi-factor authentication (MFA) blocks 99% of account hacks
✅ Policy + awareness = your best line of defense
Your Holiday Cyber Safety Checklist
Here’s what we recommend you put in place before the holiday rush hits:
- ✅ The Two-Person Rule: Any financial transaction over your chosen amount needs a second pair of eyes — and a voice verification.
- ✅ Gift Card Policy: Put it in writing: no gift card purchases via email or text.
- ✅ Vendor Payment Changes: Confirm over the phone using numbers already on file.
- ✅ MFA Everywhere: Especially email, banking, and any cloud software.
- ✅ Holiday Team Briefing: Walk through these 5 scams in a team meeting — real examples stick.
The Real Cost Isn’t Just Money
The $60 million lost by Orion, the chemical company described above, made headlines, but the hidden damage hits small businesses hardest:
- Losing momentum right when you’re trying to close the year strong
- Hours (or days) of chaos fixing what went wrong
- Damage to client trust if data is involved
- Higher insurance premiums and tighter cash flow
The average loss from one of these scams? $129,000. For many small businesses, that’s devastating — especially at the end of the year.
Let’s Keep the Holidays Happy (Not Hacked)
The holidays are a time for celebration, not crisis mode. A few smart policies and a little team prep can go a long way in keeping your business — and your peace of mind — intact.
And if you’re not sure where to start, we’re here to help.
Book a free 15-minute security review and we’ll walk you through easy steps to lock down your systems before the new year.
Because honestly, the best gift you can give your business this season is safety and peace of mind.

