Black Friday Scams: Protect Your Business and Your Team

Black Friday is this week. Cyber Monday follows right behind. And if you think the shopping frenzy is just a consumer problem, think again. The holiday season is prime time for business-targeted scams, and your practice is a target.

Here's what we're seeing and what to watch for.

The Holiday Phishing Surge

Phishing attacks increase by 30-50% during the holiday season. Attackers know that people are distracted, inboxes are full of shipping notifications and sale announcements, and the volume of legitimate commercial email makes it easier to slip in something malicious.

Common holiday phishing themes targeting businesses:

  • Fake shipping notifications: "Your package couldn't be delivered. Click here to reschedule." These look exactly like real UPS, FedEx, and USPS emails.
  • Fake order confirmations: "Your order of $847.99 has been confirmed. Click here if you didn't make this purchase." The panic of an unauthorized charge makes people click without thinking.
  • Holiday e-cards: "Someone sent you a holiday greeting!" with a malicious attachment or link. These have been used to deliver malware for years, and they still work.
  • Year-end invoice scams: "Please review your Q4 invoice" with an attached PDF or Word document containing malware. These target accounting and billing staff specifically.

Business-Specific Threats

Fake Vendor Invoices

End-of-year is when businesses process a lot of invoices. Scammers send fake invoices that look like they come from real vendors: dental supply companies, software vendors, service providers. The invoices are for plausible amounts, and the sender addresses are spoofed to look legitimate. Billing staff who are processing dozens of invoices may not catch the fake.

Gift Card Scams

The "CEO gift card scam" spikes during the holidays. An email that appears to be from the practice owner asks a staff member to buy gift cards for a holiday bonus or client gift. "Buy 10 $100 Amazon gift cards and send me the codes. I'll reimburse you." It's always urgent. It's always via email. And it's always a scam.

Charity Fraud

Fake charity solicitations increase during the giving season. Before your practice donates to any organization, verify it's legitimate through sites like Charity Navigator or GuideStar.

Protecting Your Practice

  1. Brief your team. A five-minute reminder at your next team meeting: holiday scams are ramping up, be extra cautious with email, verify unusual requests by phone.
  2. Verify invoices. Any new vendor invoice or change in payment details gets verified with a phone call to the vendor's known number (not the number on the suspicious invoice).
  3. Establish a gift card policy. "We will never ask anyone to purchase gift cards via email." Say it clearly. Post it visibly.
  4. Watch for personal shopping on work devices. If employees are doing holiday shopping on work computers, they're exposing your network to the same risks. Consider reminding staff to use personal devices for personal shopping.
  5. Update your email filtering. Make sure your spam filters and email security are current. Holiday-themed malware campaigns are already launching.
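
For whoever manages your email filtering, here is a triage check for the owner gift card scam described above. It is an added example, not part of any product or of the original article; the practice domain, owner names, phrase lists, and sample messages are all made-up assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Hypothetical values for illustration; replace with your own.
PRACTICE_DOMAIN = "examplepractice.test"
OWNER_NAMES = {"dr. jane smith", "jane smith"}

GIFT_CARD = re.compile(r"\bgift\s*cards?\b", re.I)
SEND_CODES = re.compile(r"\b(send|text|email)\b.{0,40}\bcodes?\b", re.I | re.S)
URGENT = re.compile(r"\b(urgent|asap|right away|immediately)\b", re.I)

def _domain(header):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def gift_card_scam_flags(raw_email):
    """Return the reasons a message resembles the owner gift card scam."""
    msg = message_from_string(raw_email, policy=policy.default)
    display_name = parseaddr(str(msg.get("From", "")))[0].strip().lower()
    from_dom, reply_dom = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}"
    flags = []
    if display_name in OWNER_NAMES and from_dom != PRACTICE_DOMAIN:
        flags.append("owner's name on an outside address")
    if reply_dom and reply_dom != from_dom:
        flags.append("replies go to a different domain")
    if GIFT_CARD.search(text):
        flags.append("mentions gift cards")
        if SEND_CODES.search(text):
            flags.append("asks for the card codes")
    if URGENT.search(text):
        flags.append("urgent wording")
    return flags

# Constructed sample messages (not real mail).
SCAM = """From: "Dr. Jane Smith" <jsmith.office@mailbox.example>
Reply-To: owner-desk@inbox.example
Subject: Quick favor - urgent

Buy 10 $100 Amazon gift cards and send me the codes. I'll reimburse you.
"""
LEGIT = """From: "Dr. Jane Smith" <jane@examplepractice.test>
Subject: Holiday schedule

The office is closed Thursday and Friday. See you Monday.
"""
```

Treat the flags as a prompt for a human to look closer, not a verdict. A From address on your own domain can itself be forged, so the phone-call verification in step 2 still applies.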

Enjoy the Holidays, Stay Alert

The holiday season should be enjoyable. A little awareness goes a long way toward making sure a scam doesn't ruin it. Share this list with your team, stay alert, and have a great Thanksgiving.