December is the busiest month of the year for both businesses and scammers. Fraudsters know that employees are distracted by deadlines, holidays, and year-end pressures. That’s why gift-card scams, fake invoices, and bogus shipping notices all surge during the season.
According to recent data, almost 38% of business email compromise (BEC) cases involve gift cards. One quick click or one false “urgent” request can cost thousands.
Robertson Technology Group has outlined the top five scams targeting businesses in Victoria, BC this winter—along with the simple checks that stop them cold.
The scam: Criminals impersonate executives and pressure employees to buy gift cards “for clients” or “staff appreciation.” Once the codes are sent, the money is gone.
The fix: Put your rule in writing. No gift cards via text or email, ever. Require two approvals for any gift-card purchases, and remind staff that no legitimate request should ever involve sending codes electronically.
The scam: Fraudsters hijack legitimate vendor conversations and send polished “updated banking details” right before payments are due.
The fix: Any request to change banking details should trigger a call back to the number already on file—not the one in the message. Add a second approver for payments over your chosen threshold.
The scam: Messages that appear to come from Canada Post or courier services ask users to “reschedule delivery.” The links steal login credentials.
The fix: Bookmark official carrier websites and type them directly into your browser. Never click a delivery link in an email or text.
The scam: Attachments labelled “Party_List.xls” or “Holiday_Event.pdf” install malware or prompt users to re-enter their credentials.
The fix: Block macros, scan attachments automatically, and verify unexpected files by phone or chat before opening them.
The scam: Fake charity campaigns and look-alike donation pages mimic trusted causes. Some even spoof your company’s name.
The fix: Publish an approved charity list for staff. Route all giving through official, verified channels only.
Scams rely on two things: urgency and trust. They work because employees are eager to please, especially during the holidays.
A few easy defences go a long way:
Earlier this year, a small financial firm in Victoria nearly wired $42,000 to a fraudulent account. An email appeared to come from a known vendor, referencing a real contract and providing new bank details for “year-end payouts."
Luckily, their accounting software required a dual approval. When the finance manager called the vendor at their known number, they learned no changes had been made. The fraudulent email was reported to their IT provider, who confirmed the sender’s domain had been spoofed.
Within a week, the company added MFA to all mailboxes, set a $2,000 call-back rule for any banking changes, and deployed mailbox rules to flag urgent or wire-transfer terms. The result: zero losses and a more secure process.
Keep scammers out of your holiday budget. Book a free discovery call with Robertson Technology Group today. We’ll review your current approval processes, MFA setup, and vendor verification practices to make sure your business is protected before the year ends.
Call 250-412-3785 or book online at https://www.rtgroup.ca/discoverycall/