The calendar year and the holidays are winding down. Year-end is busy for most organizations, with everything from employee benefits to insurance plans being updated. It also means it’s “time to kick into high gear” for hackers and their scams.
With many companies running with partial staff and employees taking on extra workloads, identity thieves see them as prime targets. That’s why training ourselves to be more cautious is crucial, especially during this time of year.
Every year, scammers start bringing out their old standbys for year’s end because people still respond to them. Here are some of the most common scam tactics to be aware of so you and your users can be ready.
Watch for These 6 Common Scams
1. Employee Benefits/Health Savings Account Scams
These types of scams rely on employees not being informed of company policies. The scammer emails the employee claiming that their benefits are about to expire or need to be renewed for the new year. The email links to a fake website where the employee is asked to “log in,” and the scammer steals the credentials entered there.
Solution: Avoid this by asking the appropriate person in your organization about anything benefit-related. Don’t rely on random emails.
2. Microsoft (or other software) End of Year Upgrades
This type of scam involves an email telling you that your software is about to expire and that you need to send money to renew it. Scammers will try to scare you by saying your email account will be closed by Microsoft or something similar.
Solution:
- Always ask your IT team or managed IT provider about the status of your licenses.
- If you’re considering outsourcing all or part of your IT, check out Teal’s premier solution. We would be happy to be your partner – helping you manage your software licenses, provide security awareness training, keep your data secure, and maintain compliance.
3. Phone Call Scams ("Vishing")
With staff overworked, hackers are more likely to leverage employee exhaustion by calling directly instead of emailing. These types of scammers will pretend to be from the IRS, Microsoft, or some other group that needs credentials, passwords, or access to a computer.
Solution:
- Remember, none of these organizations will call you out of the blue and make you resolve an issue on the spot.
- Even if the scenario is different, and you doubt the call’s legitimacy, take a breath and calmly end it.
- If you’re concerned that you ended a conversation with a legitimate organization, call them directly with a number you know. Then, ask if they can confirm the call.
4. Charity Scams
Many people want to contribute to charities toward the end of the year, and who doesn’t like making the world a better place? Scammers will take advantage of this to send fake charity emails – hoping people will send them money.
Solution:
- Be wary of high-pressure donation requests, and never send money to people who ask for it over email.
- If you want to donate to a specific charity, navigate directly to their website. Don’t click on a link in an email.
- Verify the charity’s legitimacy through trusted sites like Charity Navigator or GuideStar.
5. Travel Scams
This type of scam preys on employees planning year-end or holiday travel. Scammers know that the excitement of a vacation can make people less vigilant, so they create enticing offers and fake rental listings that seem too good to pass up.
Typically, they advertise vacation properties that don’t exist or trick travelers into paying for deals loaded with hidden fees. Unsuspecting victims may quickly find themselves out of money with no place to stay.
Solution:
- Use trusted platforms for booking vacation rentals and read reviews. Contact the property owner through the official site.
- If a travel deal seems too good to be true, it probably is. Check for hidden fees or call the travel company directly to confirm details.
- Use a credit card for bookings to have fraud protection and the ability to dispute charges.
Learn more about how to avoid travel scams from the Federal Trade Commission.
6. Unpaid Invoice Scams
This type of scam exploits busy or distracted employees. Scammers send fake invoices that appear legitimate, hoping the urgency of daily operations will prevent a thorough review. They may impersonate a known vendor or create convincing details to trick employees into making a payment.
Without proper verification processes, businesses risk losing money to fraudulent transactions and may only discover the deception once it’s too late.
Solution:
- Assign more than one person to handle and approve invoices to ensure consistency and oversight.
- Review all invoices carefully, paying close attention to details like vendor names, account numbers, and payment terms. Compare the account number on the invoice with the one registered for your actual vendor; discrepancies could indicate a scam.
- Be cautious of invoices or payment requests from unfamiliar vendors or locations. If an invoice doesn’t include a contact number, consider it a red flag—scammers often omit this information to avoid questions or complaints.
- Double-check with the employee who supposedly authorized the order to confirm its legitimacy.
- Never pay for goods or services until you have verified that they were ordered and properly received.
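The checklist above can also be enforced as an automated pre-payment check. The following Python sketch is an added example, not part of the original article; the vendor file, purchase-order records, field names, and sample invoices are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: a vendor master file and purchasing records.
VENDORS = {"Acme Supply": {"account": "021000021-4459871"}}
PURCHASE_ORDERS = {"PO-1001": {"vendor": "Acme Supply", "requested_by": "jlee",
                               "confirmed_by_requester": True, "received": True}}

@dataclass
class Invoice:
    vendor: str
    account: str
    po_number: str
    contact_phone: str = ""
    approvers: list = field(default_factory=list)

def normalize(account):
    """Drop spacing and punctuation so formatting alone cannot hide or fake a match."""
    return "".join(ch for ch in account if ch.isalnum()).upper()

def review_invoice(inv, vendors=VENDORS, orders=PURCHASE_ORDERS):
    """Return a list of red flags; an empty list means the invoice passed every check."""
    flags = []
    vendor = vendors.get(inv.vendor)
    if vendor is None:
        flags.append("unfamiliar vendor")
    elif normalize(inv.account) != normalize(vendor["account"]):
        flags.append("account number differs from vendor record")
    if not inv.contact_phone.strip():
        flags.append("no contact number on invoice")
    po = orders.get(inv.po_number)
    if po is None or po["vendor"] != inv.vendor:
        flags.append("no matching order for this vendor")
    else:
        if not po["confirmed_by_requester"]:
            flags.append("order not confirmed by the employee who authorized it")
        if not po["received"]:
            flags.append("goods or services not verified as received")
    if len(set(inv.approvers)) < 2:  # the same person approving twice does not count
        flags.append("fewer than two distinct approvers")
    return flags

# Constructed invoices: one legitimate, one impersonating the known vendor.
GOOD = Invoice("Acme Supply", "021000021 4459871", "PO-1001", "555-0100", ["mkhan", "rdiaz"])
FAKE = Invoice("Acme Supply", "026009593-7781200", "PO-1001", "", ["mkhan", "mkhan"])

if __name__ == "__main__":
    for inv in (GOOD, FAKE):
        print(inv.vendor, inv.account, "->", review_invoice(inv) or "OK to pay")
```

Any invoice that returns a flag should be held until someone confirms the details with the vendor using contact information already on file, not the details printed on the invoice.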
“Hopping on the Hot Topic” Scams
While this is not always an end-of-the-year scam, it’s something you should always be vigilant for. Scammers often watch the news to take advantage of confusion surrounding tax laws and other hot topics. Then, they craft phishing emails, SMS messages or deepfake videos that involve these topics.
Three examples come to mind:
- Student loan debt relief scams
- Israel-Hamas War scams
- Political election scams
Israel-Hamas War scam example (KnowBe4)
Hackers may send fake articles for you to click, ask for your information to help you navigate something, or pretend to be government agents and demand money.
Potential voters are overwhelmed by candidate texts – making it difficult to distinguish genuine messages from fake ones (CBS News)
Solution: Always remember to think before you take any action and become a master of phishing prevention.