Last December, a shop supervisor at a 75-person machining company in West Valley City got a text from their "CEO" asking them to buy $2,000 in gift cards for a client thank-you gesture. No time to question it—end-of-year orders were flying out the door, and the sender's name matched the boss's. The cards were bought, the codes emailed—and the money was gone before anyone realized it was a scam.
Sounds small, but scams like this add up fast. And worse ones can shut down production completely. That same month, a European manufacturer lost over $60 million to a cyberattack—all from a single employee following instructions from what looked like a routine email.
If you think your Salt Lake City manufacturing company is too small or too niche to be targeted, think again. In 2024 alone, gift card scams cost U.S. businesses over $217 million, and business email compromise (BEC) attacks made up 73% of all cyber incidents.
5 Holiday Scams Salt Lake City Manufacturers Need To Watch For
- "Your Boss Needs Gift Cards" (The $2,000 Text Trap)
The scam: Someone impersonates your plant manager or owner and requests urgent gift card purchases for a client or staff appreciation.
Why it works: In the chaos of holiday orders, nobody double-checks.
Prevention tip: Create a hard policy—no gift card requests are ever approved over text. Always require voice verification from two leaders before making a purchase.
- Invoice & Payment Diversion (The Big-Money Play)
The scam: Just as you’re closing out year-end invoices, someone sends a "banking update" pretending to be your tooling or materials supplier.
Why it works: You’re rushing to clear accounts payable. The email looks legit.
Prevention tip: Never update payment info based on an email alone. Always call your known contact at the vendor to confirm changes.
- Fake Delivery Notices
The scam: Spoofed messages from "FedEx" or "UPS" say you missed a critical delivery. They link to malware.
Why it works: Parts and materials are flying in and out daily. Urgency is real.
Prevention tip: Train staff to avoid clicking links in delivery emails. Instead, log in directly to the carrier's site.
- "Holiday Party Schedule" Attachments
The scam: Emails arrive with innocent-looking files like "Holiday_List.xls." They’re rigged with malware.
Why it works: It looks internal. Who doesn’t want to know what’s on the menu?
Prevention tip: Disable macros, run all attachments through scanning tools, and never open unexpected files without confirmation.
- Bogus Holiday Fundraisers
The scam: A fake charity or "company match" campaign asks for donations or clicks.
Why it works: Folks want to give back, especially this time of year.
Prevention tip: Share a list of verified donation options and instruct staff to avoid any email solicitations.
Why These Attacks Work (And Why Salt Lake City Manufacturers Are Prime Targets)
Your shop's tools—email, online banking, digital purchase orders—are the same tools attackers use. These aren't sloppy scams. They're intelligent, targeted, and often researched specifically for companies like yours.
And during the holidays? Your systems are busier. Your crew is distracted. Your OT and IT networks are more exposed.
Still think you're flying under the radar?
- Most Salt Lake City shops have fewer than 100 people—big enough to have value, small enough to lack internal IT.
- If you're in aerospace, medical, or defense supply chains, you’re sitting on sensitive IP.
- Your OT systems likely include older SCADA or CNC machines still running legacy software—making them an easy backdoor.
Your Holiday Security Checklist
If you make just one pass through this list, you’ll be better off than 90% of the shops in the valley:
- Two-person rule: Require dual approval and voice confirmation for all transactions above $5,000.
- Gift card policy: Make it written and well-known that no gift card requests will ever be made via email or text.
- Vendor payment verification: Any banking change must be confirmed by a phone call to a known contact.
- Enable MFA: Especially on email, finance tools, cloud backups, and ERP systems like JobBOSS or Fishbowl.
- Run a 30-minute training: Review these exact scams with your team, using real examples.
The Hidden Cost: More Than Just Lost Money
Look, nobody wants to lose $60 million like Orion S.A. did—but even a $60,000 hit can shake a growing shop to its core. Especially when you consider the ripple effects:
- Downtime from ransomware or breached systems means missed shipments.
- Staff distraction as they scramble to respond.
- Loss of trust from clients if customer data is exposed.
- Insurance premium hikes after a security incident.
Don’t Let a Scam Define Your Q4
You should be focused on throughput, quality metrics, and getting that new 5-axis machine online—not wondering if the IT systems are secure.
A little preparation now can prevent a firestorm later. Train your team. Update your policies. Lock down your network.
And if you’re not sure where to start? That’s where we come in.
Want to see where your vulnerabilities are before attackers do?
Click here to schedule your free network assessment with Qual IT.
Because the best gift you can give your Salt Lake City manufacturing business this season is peace of mind—and uninterrupted production.
