Overlay
Technology

Festive fraud: are you scam-savvy?

Scammers don’t take a break for the festive season.

Key takeaways
  • Criminals don’t stop for Christmas – always stop and think before departing with personal or financial information.

  • Businesses are far more likely to fall victim to fraud than any other crime in the UK.

  • Fraudsters are more likely to target a higher-profile organisation with a ransomware attack.

  • Smaller businesses are more likely to be targeted with attempts like invoice redirection.

  • Many businesses struggle to recover from the severe financial and reputational damage fraud can cause – never be complacent or let your guard down.

  • Build a culture that encourages staff to speak up, and make it easy for them to report an incident. 

Criminals are experts at impersonating people, as well as trusted organisations such as your bank or the police. They are always looking for clever and convincing ways to trick you, and they will target businesses all year round, whether it’s the season of goodwill or not.

If your team is winding down to relax for the holidays, or business is ramping up to meet Christmas demand and you’re rushed off your feet, the best way you can protect yourself and your business is to keep up to date with the methods scammers use. 

Stop and think – says national campaign Take Five – because it could protect you and your money. Letting your guard down just once could let a fraudster in.

What are phishing emails?

The majority of cyber attacks on businesses originate from simple phishing emails. Big retail events such as Black Friday, Cyber Monday and the ‘Golden Quarter’ leading up to Christmas, provide opportunities for scammers through things like fake promotional discounts or prizes. 

They’re also likely to target your business on a Friday afternoon because they see potential as pressured employees try to meet deadlines or fulfil transactions. 

If you click on a link in a phishing email, you may have created a pathway for malicious software to start doing its damage to an internal system or device. 

The worst-case scenario is that it can lead to a crippling ransomware attack, meaning it’s holding your business information at ransom. 

Criminals will also target businesses through CEO scams and invoice and mandate scams.

“Never trust anything, even if there’s a believability about it. Even if you receive something you’re almost certain is legitimate, with the correct logos and spellings, don’t click on the link in the email. Fraudsters might have targeted you and directed you to a fake page.”

As we head towards Christmas and people are on annual leave, there may be holes in terms of process – people stepping into roles and duties they don’t normally do

Alasdair Stewart
Fraud Awareness Analyst, the bank
How do telephone scams operate?

Businesses should remain vigilant against vishing phone calls. Fraudsters will encourage you to give out personal details such as your debit card number or card reader codes. They’ll claim to be from your bank reporting suspicious activity or logins, or from your IT support claiming there’s a security threat on your device, wireless network, or modem – can we install TeamViewer?

“They’re incredibly convincing because they’ve always done the homework. It’s important to remain on guard.”

Does seasonal fraud exist?

At this time of year especially, there’s an opportunity for criminals to exploit vulnerabilities. “As we head towards Christmas and people are on annual leave, there may be holes in terms of process – people stepping into roles and duties they don’t normally do. 

“There’s also a lot going on, plans to make, Christmas gifts to buy… The human aspect means we don’t always respond the same way to every single situation, and it just takes that one time for fraudsters to sneak in under the radar.”

Are you scam-savvy?

Develop a common-sense mindset where you are in control. The Take Five campaign says:

  • Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.

  • Challenge: Could it be fake? It’s OK to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.

  • Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.

If you’ve been asked to do something that you did not request, then you always need to think about the worst-case scenario. 

“You can absolutely take five minutes just to gather your thoughts. ‘What’s the worst that could happen to me if I click on this link, or if I respond to this request for information?’” 

If something doesn’t feel right, use an official source such as your banking app to check it’s legitimate. “It’s human nature to comply or agree, not to appear rude, impolite or say no. And it can happen to anyone at any level.” So, take as long as you need to verify.

Take action on fraud
  • Document your processes; verify requests. 

  • Carry out ‘ethical phishing campaigns’, which test staff on their email use within your organisation.

  • Give your people context and the bigger picture. This helps employees understand that what they’re doing is not an inconvenience, it’s to keep the organisation safe. 

  • Encourage openness, so that staff know they can and should speak up, whether that’s to report a suspicious email, an unusual telephone call or clicking on a dodgy link. The sooner it’s reported, the quicker you can act.

  • Make it easy, not daunting, for people to double-check. You should be able to ask a senior colleague whether they really did send that email. 

  • Understand the basics of IT security and invest in layers of IT security relevant to your business. 

  • Check whether your bank offers access to tools such as cyber-security detection and protection apps for home or business devices.

This material is published by NatWest Group plc (“NatWest Group”), for information purposes only and should not be regarded as providing any specific advice. Recipients should make their own independent evaluation of this information and no action should be taken, solely relying on it. This material should not be reproduced or disclosed without our consent. It is not intended for distribution in any jurisdiction in which this would be prohibited. Whilst this information is believed to be reliable, it has not been independently verified by NatWest Group and NatWest Group makes no representation or warranty (express or implied) of any kind, as regards the accuracy or completeness of this information, nor does it accept any responsibility or liability for any loss or damage arising in any way from any use made of or reliance placed on, this information. Unless otherwise stated, any views, forecasts, or estimates are solely those of the NatWest Group Economics Department, as of this date and are subject to change without notice.

scroll to top