
Protecting AP Teams from Heightened Scam Activity During the Holiday Season

Catherine Chipeta

The holiday season, with its flurry of activity and reduced vigilance, creates fertile ground for scammers to target businesses. According to Shameela Gonzalez, Financial Services Lead at CyberCX, this period sees a significant rise in cyberattacks, including ransomware, phishing, and business email compromise (BEC) scams. Below, we explore common holiday scam trends, warning signs for accounts payable (AP) teams, and best practices for mitigating risks during this busy time.

Scam trends businesses should watch out for

Scammers often exploit the holiday season’s reduced alertness. BEC scams remain a critical concern for businesses, where fraudsters impersonate vendors or internal stakeholders to trick AP teams into redirecting payments to illegitimate accounts. Phishing emails—often disguised as urgent payment requests—are another prevalent tactic. These schemes rely on employees’ reduced vigilance during the holidays.

Fraudsters recently used deepfake technology to impersonate a company executive, leading a finance worker to transfer millions into a fraudulent account. Business email compromise (BEC) scams further illustrate this trend, accounting for 30% of all cybercrime reports in 2023.

According to the National Anti-Scam Centre, scams continue to evolve, with a marked increase in tactics like impersonation of government bodies, including the Australian Tax Office (ATO), to demand urgent payments or account updates. In 2023, Australians lost over $2.74 billion to scams, as reported by the ACCC, with investment scams accounting for the largest financial losses. This trend highlights how fraudsters are quick to exploit high-value opportunities—a tactic mirrored in B2B scams like phishing and BEC attacks that target AP teams during the holiday season. Over 14,000 cases of phishing scams were reported during the holiday season, underscoring the prevalence of this tactic.


What AP teams should look out for

AP teams should remain vigilant for:

  • Unusual payment requests: Particularly those claiming urgent deadlines or requesting changes to vendor banking details.
  • Emails with slight anomalies: This includes subtle typos, mismatched sender addresses, or an unfamiliar tone.
  • Requests from unknown or unexpected sources: Fraudsters often impersonate trusted brands or government agencies to lend credibility to their requests.
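
The warning signs above can be checked automatically before a payment request reaches an approver. The following is an added example, not part of the original article or any vendor's tooling: the vendor master record, domains, account numbers, sample messages and the 0.85 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed vendor master record (hypothetical vendor, BSB and account number).
VENDOR_MASTER = {"acme-supplies.example": {"bsb": "062-000", "account": "12345678"}}
URGENCY = re.compile(r"\b(urgent|immediately|today|asap|overdue)\b", re.I)
BANK = re.compile(r"BSB[:\s]*(\d{3}-?\d{3}).*?Account[^\d]*(\d{6,10})", re.I | re.S)

def domain(value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def lookalike(dom):
    """Return the known vendor domain that dom closely imitates, if any."""
    for known in VENDOR_MASTER:
        # 0.85 is an assumed threshold; tune it against your own vendor list.
        if dom != known and SequenceMatcher(None, dom, known).ratio() >= 0.85:
            return known
    return None

def review(raw_email):
    """Return the list of warning signs found in one payment-request email."""
    msg = message_from_string(raw_email)
    sender, reply_to = domain(msg["From"]), domain(msg["Reply-To"])
    body, flags = msg.get_payload(), []
    if reply_to and reply_to != sender:
        flags.append("reply-to-mismatch")
    imitated = lookalike(sender)
    if imitated:
        flags.append("lookalike-domain")
    elif sender not in VENDOR_MASTER:
        flags.append("unknown-sender")
    if URGENCY.search((msg["Subject"] or "") + " " + body):
        flags.append("urgency-language")
    m = BANK.search(body)
    on_file = VENDOR_MASTER.get(imitated or sender)
    if m and {"bsb": m.group(1), "account": m.group(2)} != on_file:
        flags.append("bank-details-differ-from-master")
    return flags

# Constructed sample messages: one suspicious request, one routine invoice.
SAMPLE_SUSPECT = """From: Accounts <accounts@acrne-supplies.example>
Reply-To: accounts@mailbox.example
Subject: URGENT: updated bank details for invoice 1042

Please pay today to our new account. BSB: 033-111 Account: 87654321
"""
SAMPLE_ROUTINE = "From: accounts@acme-supplies.example\nSubject: Invoice 1043\n\nRemittance as usual. BSB: 062-000 Account: 12345678\n"
```

Any non-empty result should hold the payment until the change is confirmed with the supplier through contact details already on file, not those supplied in the email.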

As Gonzalez notes, “Businesses should operate under the assumption that scam attempts are constant. When AP teams maintain this mindset, they can detect and mitigate threats more effectively.”

Preparing AP teams to respond to scams

Preparation is key to mitigating financial and reputational damage caused by scams. Gonzalez highlights the importance of implementing crisis plans that include the following elements:

  • Incident response protocols: Identify the bare-minimum team required to make quick decisions if fraud occurs.
  • Supplier and customer communication plans: Ensure key contacts are documented and accessible in case systems are compromised.
  • Automated alerts and monitoring: Use tools that detect anomalies and send immediate notifications.

Additionally, AP teams should conduct pre-holiday risk assessments to identify potential vulnerabilities and strengthen weak points.

Best practices for scam prevention during the holidays

Implementing consistent processes can significantly reduce the likelihood of falling victim to scams. Here’s a checklist of best practices for AP leaders recommended by Gonzalez:

  1. Enable multi-factor authentication (MFA): Add a critical layer of security to payment systems and other key platforms.
  2. Restrict access based on roles: Ensure only authorised personnel can access sensitive financial systems and information.
  3. Regularly review vendor records: Validate vendor details and verify any changes to banking information directly with the supplier.
  4. Educate employees: Conduct holiday-specific training to increase awareness of common scams and phishing tactics.
  5. Implement payment verification protocols: Require dual approval or additional verification for high-value transactions.
  6. Automate processes where possible: Use technology to reduce manual errors and identify suspicious activity.
  7. Maintain regular backups: Secure critical financial data to minimise downtime in case of a breach.
  8. Monitor transactions closely: Encourage employees to review bank statements frequently and flag unusual activity immediately.

Practical advice for AP leaders

To mitigate risks, businesses must prioritise education and preparation. Gonzalez advises, “Never assume your business won’t be targeted. Fraudsters don’t take holidays. The key is building processes that reduce reliance on human judgement alone.”

Additionally, AP leaders should:

  • Foster a culture of vigilance: Encourage employees to trust their instincts. If something feels “too good to be true,” it likely is.
  • Stay updated on scam trends: Regularly review reports from the National Anti-Scam Centre to understand evolving tactics.
  • Collaborate with IT and security teams: Ensure AP systems are protected with effective cybersecurity measures, such as endpoint protection and penetration testing.