Holiday Scams on the Rise: Cybersecurity
Tips for ABQ Businesses

The holidays should bring celebration, not cleanup. But every year, cybercriminals take advantage of the season’s distractions — and even the most careful businesses can fall victim.

Last December, an accounts payable clerk at a midsize company received an urgent text from her “CEO”: buy $3,000 in Apple gift cards for clients, scratch the backs, and e-mail the codes.
It sounded odd, but the message came from the boss’s name — and it was the middle of holiday chaos. By the time she double-checked, the money was gone.

That scam may sting, but others can be far more devastating. Around the same time, Orion S.A., a Luxembourg-based manufacturer, fell victim to a much larger scheme. The company regularly processed wire transfers as part of normal business operations—so when an employee received what appeared to be routine e-mail requests referencing real projects and trusted vendors, nothing seemed unusual. The messages looked legitimate but carried a sense of urgency.

By the time the truth surfaced, more than $60 million had been transferred directly into criminal accounts—wiping out half of Orion’s annual profits in a matter of days.

Why Albuquerque Businesses Should Pay Attention

If you think your business is too small to be a target, think again.
In 2023, gift-card scams cost U.S. businesses $217 million, and in 2024, business e-mail compromise (BEC) made up nearly three-quarters of all cyber incidents.

Criminals know the holidays are hectic — your team’s distracted, processing year-end invoices, and eager to wrap things up. That’s when mistakes happen.

5 Holiday Scams Every Employee Should Know

  1. Gift Card Scams Masquerading as Company Requests

The scam: Impostors pretend to be company executives, asking employees to buy and e-mail gift card codes for “client gifts.”
The fix: Put a written policy in place — no gift cards without two approvals, and never requested via text or personal e-mail.

  1. Invoice or Payment Switch-Ups

The scam: Hackers send “updated banking details” or intercept vendor e-mails during year-end billing.
The fix: Always verify bank changes by phone using a number already on file — not one in the e-mail.

  1. Fake Shipping Notifications

The scam: Phishing e-mails disguised as UPS, FedEx, or USPS links.
The fix: Don’t click. Go directly to the carrier’s website and check deliveries manually.

  1. “Holiday Party” Attachments

The scam: Malware disguised as event schedules or invitation lists.
The fix: Train staff to verify attachments, block macros, and report unexpected files immediately.

  1. Bogus Charity Campaigns

The scam: Fake fundraisers or “company match” e-mails designed to steal data or donations.
The fix: Share a verified list of local charities and require donations through official websites only.

Why These Scams Work

Today’s cybercriminals don’t rely on luck — they rely on trust. They study your business, mimic communication styles, and send messages that look like they came from someone you know.

Regular phishing-awareness training can reduce risk by 60%, and multifactor authentication (MFA) can block 99% of unauthorized logins — yet many small businesses still go without both.

Your Holiday Cyber-Safety Checklist

Before your team signs off for the holidays, take a few simple steps:

  • Use the two-person rule: Require verbal confirmation for all large payments.
  • Establish a gift-card policy: No requests via text or e-mail.
  • Verify vendors: Confirm banking changes by phone using numbers you already trust.
  • Turn on MFA: Protect all e-mail, banking, and cloud accounts.
  • Share awareness: Review these scams with your team during a quick staff meeting.

 

The Hidden Costs of a Cyber Incident

A cyberattack doesn’t just cost money. It can disrupt your busiest time of year, damage customer trust, and raise insurance premiums.

The average business e-mail compromise loss is now over $129,000 — enough to sink many small businesses.

Keep the Holidays Merry — and Secure

It only takes one quick verification or one extra step to prevent a massive loss.
The employee who cost Orion $60 million could have stopped it with a single phone call.

This holiday season, protect your Albuquerque business with a few smart habits, a short team briefing, and layered security tools that work quietly in the background.

Take 10 minutes to connect with our team and find out if your business qualifies for a complimentary security assessment. It’s a quick, no-pressure call to pinpoint gaps and help you p0lan ahead with confidence.

We’re offering a limited number of free security assessments for qualified Albuquerque businesses this season. Schedule a short call to see if your company is eligible and get practical recommendations to protect your data and your team.

Because the best gift you can give your business this season is peace of mind.