AI, fake deliveries and eCards: Protect your team from Christmas scams

There are lots of reasons to love the festive season – being scammed is not one of them. But the Christmas period is a perfect storm for fraudsters looking to abuse of businesses by exploiting their employees. It’s important for us all to recognise this threat and take action to mitigate it, while not forgetting to focus on all the good things about the holiday season.

During Talk Money Week (4-8 November 2024), this article from Sam Holmes, Head of Financial Coaching at Bippit, explores some of the financial threats over the festive season, and what you can do about them.

While some scams targeting businesses focus on infrastructure and security, many look to exploit the human factor. It’s these scams that tend to spike over the festive season, for several reasons:

• Longer period between pay days: December payday is often earlier, which means there’s a longer wait for the next one. At the same time, Christmas is an expensive time of year for many reasons, so there’s pressure on finances coming from two sides.

• Increased purchasing online: People are buying online a lot over the festive season, and this increased activity encourages fraudsters to increase their own activity. People will also feel under pressure to get sought-after gifts, which fraudsters will exploit.

• They get more deliveries: Lots more deliveries mean lots of SMS messages and emails about deliveries, and faking these is a common scam type. Fraudsters exploit this situation. Often people are genuinely expecting a message about their package, so their guard is down, and they'll be more likely to click on links they normally wouldn’t.

• A greater sense of goodwill: People are generally in good spirits over the festive season, perhaps more trusting, and more likely to give others - including scammers - the benefit of the doubt.

What type of scams targeting businesses are more likely at Christmas?

• Christmas bonus scams: lots of companies give Christmas bonuses, so scammers may create fake emails that appear to come from the HR team or a known contact offering a Christmas bonus. These may link to malicious websites which require the user to submit personal information or bank details.

• Internal communication scams: senior leaders are more likely to communicate over the festive season, so scammers take advantage of this by sending ‘personal’ notes from the CEO or another figurehead. These may contain requests for sensitive data or links to malicious websites.

• Identify verification scams: this scam can present in different ways, but they are all designed to harvest sensitive personal and company information. For example, it might an email asking you to update your payroll information or a free gift card from the company for working hard throughout the year.

• Fake eCards: Lots of eCards do the rounds over Christmas, which means people expect them. Scammers send them, and they look legit, but when you click the link, you get redirected to a website that may download trojans, adware, ransomware or similar onto your computer.

What about the us of AI in festive scams on business?

AI is always in the news and with good reason. It can help scammers in a multitude of ways, for example by increasing the scale of their operation and improving their targeting of individuals. But it also makes traditional scams much more believable. An employee mistakenly paid out $25m earlier this year after a call with the company’s Chief Financial Officer. Except, it wasn’t the CFO. It was a ‘deepfake’ – an AI video designed to look like a real person. AI is allowing scammers to rewrite the rule books on what counts as reality.

How can businesses protect themselves against festive season scams?

• Support seasonal workers: Companies hire seasonal workers for the festive season - these people are less likely to be familiar with the way you do things, for example what type of communications are sent internally, so may find it harder to spot scams. Make sure you provide appropriate training to this segment of your workforce.

• Use agreed and official lines of communication: make it clear to staff who will be communicating over the festive season and by which channel the communications will come. Give guidelines on how employees should send eCards, to reduce the chance of someone opening malicious hyperlinks.

• Support your employees’ financial wellbeing: many scams exploit an employee’s financial situation, for example with fake shopping discounts or gift cards. Support your employees with personalised financial guidance so they can take control of their financial future, set clear financial goals and improve their overall financial health. This can help make these types of scams - and get-rich-quick fraud in general - less attractive to individuals.

• Get people up to speed on AI: When it comes to combating AI scams, the important word is verification. In the past, it was possible to look for things that marked genuine communications from fraudulent ones, but AI has blurred the boundary permanently. The golden rule is: people should always verify requests via another route. Use training to show employees just how far AI has come, because unless they see some of the more sophisticated AI scams, it can be hard to believe they exist.

Overall, the message to businesses is to be aware that the festive season is a particularly lucrative time for scammers – and to make your employees aware too. Being forewarned and knowledgeable are two of the best forms of defense. We can all enjoy the festive season while keeping our businesses – and our employees – that little bit safer.

Sam Holmes is Head of Financial Coaching at Bippit, which offers a full suite of financial tools to employees, including unlimited financial coaching from experts with FCA-recognised qualifications. Bippit has just released its new research, Dynamics in Financial Wellbeing: The Inclusion Edition, which looks at vulnerable cohorts across the workforce and how you can improve their financial health.