Last December, an accounts payable clerk at a midsize company received an urgent text from her “CEO”: Buy $3,000 worth of Apple gift cards for clients, scratch the backs and e-mail the codes. It sounded unusual, but the request came under the boss’s name, and it was peak holiday chaos. By the time she verified the request, the scammer had already cashed out, leaving the business to absorb the loss.
That scam may sting, but others can devastate a business entirely. That same month, Orion S.A., a Luxembourg-based chemical manufacturer, became the victim of a much more severe cyberattack. An employee received what appeared to be routine e-mails requesting wire transfers – seemingly from trusted partners or colleagues. The messages appeared legitimate, urgent and in line with standard business activity. Without hesitation, the employee processed the transfers.
The result? $60 million sent straight to cybercriminals – over half of the company’s annual profits wiped out due to a few fraudulent wire transfers.
If you believe your Salt Lake City business is too small to be targeted, think again. Gift card scams alone cost companies over $217 million in 2023, and business e-mail compromise (BEC) attacks accounted for 73% of all cyber incidents in 2024. The holiday season is prime time for these attacks – your team is overwhelmed, under pressure, and handling more transactions than usual.
5 Holiday Scams Your Salt Lake City Employees Need To Know (Before They Cost You Thousands)
- “Your Boss Needs Gift Cards” (The $3,000 Text Trap)
The scam: Impersonators pretend to be owners or managers and pressure team members into buying gift cards for "clients" or "employee appreciation." In Q1 2024, 37.9% of BEC incidents were gift-card scams.
Prevention: Establish a company policy requiring two approvals for any gift card purchases. Train staff that leadership will never request gift cards through text messages.
- Invoice & Payment Switch-Ups (The Big Money Play)
The scam: Criminals send e-mails with "updated banking info" or hijack vendor threads just as year-end payments are due. In June 2024, the Town of Arlington, MA, lost almost $500,000 this way.
Prevention: Always confirm banking changes by calling a known number on file, not the one in the e-mail. Use a "phone call rule" for financial changes exceeding $5,000.
- Fake Shipping & Delivery Notices
The scam: Phishing e-mails or texts appear to come from USPS/UPS/FedEx with links to "reschedule delivery."
Prevention: Teach employees to go directly to carrier websites rather than clicking on links. Bookmark official tracking pages.
- Malicious “Holiday Party” Attachments
The scam: E-mails with attachments titled "Holiday_Schedule.pdf" or "Party_List.xls" that install malware when opened.
Prevention: Disable macros, scan attachments and make it standard practice to verify unexpected files before opening.
- Bogus Holiday Fundraisers
The scam: Fake charity sites or bogus "company match" campaigns designed to steal money or data.
Prevention: Share a vetted list of approved charities and ensure all donations go through verified platforms.
Why These Attacks Work (And How Salt Lake City Businesses Can Stop Them)
The same tools that help your business run – email, online banking, digital payments – are exactly what cybercriminals exploit. These aren’t outdated "Nigerian prince" scams. They’re smart, research-based attacks using social engineering tailored to your company.
Companies that conduct phishing simulations reduce their cyber risk by 60%. Yet, most Salt Lake City businesses never train staff. Multifactor authentication (MFA) prevents 99% of unauthorized logins, but many still depend only on passwords.
Your Holiday Cybersecurity Checklist
Before the holidays arrive in full swing, here are critical steps for Salt Lake City business owners:
The Two-Person Rule: All transactions above your set limit must be verbally confirmed via a different channel.
Gift Card Policy: Clearly state in writing that gift cards are never approved via text or email.
Vendor Verification: Confirm all banking and payment changes by phone using established contact info.
Multifactor Authentication: Enable MFA across email, banking, and cloud services.
Holiday Awareness: Hold a brief training with your team outlining these five scams, using real examples.
The Real Cost: More Than Just Money
While Orion’s $60 million loss made headlines, the hidden impacts hit Salt Lake City businesses just as hard:
Operations halted during the busiest time of year
Productivity lost while staff manage damage control
Customer trust damaged if sensitive client data is exposed
Cyber insurance rates increase after a security breach
The average business e-mail compromise incident costs $129,000 – enough to threaten many small to midsize businesses right when they’re hoping to finish the year strong.
Keep Your Salt Lake City Holiday Season Secure
The holiday season should be a time of celebration and business momentum, not recovery from cyber fraud. A quick team meeting, a few smart security policies and layers of IT protection can help keep criminals out of your network and accounts.
Remember: A single phone call could have saved Orion $60 million. With proper awareness and simple cybersecurity protocols, your business doesn’t have to become the next statistic.
Want to be sure your Salt Lake City team is protected before the end of the year? Book a 15-minute discovery call with us and we’ll guide you through fast, effective ways to secure your business.
Schedule Your Free Security Assessment
Because the best gift you can give your Salt Lake City business this season is peace of mind.
