Blog

The $60 Million Holiday Scam (And How Not to Be the Next Victim)

Written by Connections for Business | Nov 3, 2025 2:15:00 PM

Picture this: It’s December. Your office is buzzing. The copier’s jammed, the holiday playlist is stuck on “All I Want for Christmas,” and suddenly—ding!—your phone lights up. It’s your CEO. He needs $3,000 in Apple gift cards for clients. Stat.

Seems weird, right? But it’s the holidays. Things are hectic. So the accounts clerk at this midsize company did it. Scratched off the codes, sent them over. And poof—gone. Not to the CEO. To a scammer.

Ouch.

But that’s chump change compared to what happened to Orion S.A., a chemical company in Luxembourg. They got hit with fake emails that looked like normal wire transfer requests. Totally routine. Only they weren’t. One employee followed the instructions, no questions asked.

Result? Sixty. Million. Dollars. Lost.

Let that sink in. That’s more than half the company’s annual profit. Imagine working all year and handing half your paycheck to a cybercriminal in a hoodie.

And no, your business isn’t “too small” to be a target. Scammers don’t care if you're a startup or the CEO of Snacks & Sons. In fact, they love small businesses. Less security, more chaos, and way easier to fool.

In 2023 alone, gift card scams cost companies over $217 million, and in 2024, 73% of all cyberattacks on businesses were done through email scams. So yes, the holidays are open season for cyber crooks.

5 Holiday Scams That Could Cost You Big (Unless You See Them Coming)

   1. The “Boss Wants Gift Cards” Trick
  • The scam: A fake text or email from your “boss” asking for gift cards. (Think: “Hey, need $500 in Amazon cards for the team. Urgent!”)
  • What to do: Company rule: No gift cards without two approvals. And no exec will ever ask for them via text. Like, ever.
   2. “Oops, We Changed Our Bank Info” Scam
  • The scam: A scammer sneaks into a vendor email chain and says, “Hey, we’ve updated our banking details. Send money here instead.”
  • Real talk: The Town of Arlington, MA, lost nearly $500,000 this way in 2024.
  • What to do: Always confirm banking changes over the phone—using a known number, not the one in the email.
   3. Fake Shipping Notices
  • The scam: Phony emails from UPS, FedEx, or USPS with links like “Your package couldn’t be delivered.”
  • What to do: Don’t click. Ever. Go straight to the delivery company’s official site. Type it in yourself. Better safe than scammed.
   4. Malicious Holiday Party Attachments
  • The scam: “PartyList2024.xls” shows up in your inbox. You click. It installs malware.
  • What to do: Block macros. Scan everything. Make it normal to double-check before opening random holiday cheer.
   5. Bogus Charities and “Company Match” Scams
  • The scam: A fake site asking for donations, often pretending to be part of your company’s giving campaign.
  • What to do: Only donate through official portals. Share a list of legit charities with your team ahead of time.

Why These Scams Work (And How You Shut Them Down)

Scammers are slick. They’re not sending “Help, I’m a prince” emails anymore. They study your company. They know your routines. And they strike when your team is distracted (like, say, during the holidays).

But here’s the good news: a little training goes a long way. Companies that run fake phishing tests cut their risk by 60%. And turning on multi-factor authentication (MFA)—you know, that “text code” thing—blocks 99% of unauthorized logins.

Yep. It’s that effective.

Your Holiday Cyber Safety Checklist

Want to keep your business safe while still rocking those ugly sweaters? Here’s your to-do list:

✅Two-Person Rule: Big payments? Two people have to approve. Always.
✅Gift Card Policy: Put it in writing: no gift cards via email or text.
✅Vendor Verification: Confirm bank details by phone. Don’t trust email changes.
✅MFA Everywhere: Turn on multi-factor authentication for all logins.
✅Holiday Awareness Briefing: Run through these scams with your team. Real stories = real impact.

The True Cost: It’s Not Just the Money

Sure, $60 million is a massive blow. But even smaller hits can crush a business. Here’s what you don’t see in the headlines:

  • Business slows down (or stops) during your busiest time
  • Employees panic and scramble to fix things
  • Customers lose trust if their info gets leaked
  • Your cyber insurance premiums skyrocket

The average business email scam costs $129,000. That’s enough to ruin a small business faster than you can say “fa-la-la.”

Keep It Merry, Not Messy

The holidays should be about celebrating wins—not reporting a data breach.

Want to keep things merry and bright? Call a quick team meeting, tighten up a few policies, and set up some basic cyber defenses.

Because here’s the truth: That Orion employee could’ve stopped a $60 million loss with just one phone call.

You can, too.

Ready to lock things down before the ball drops? Book a 15-minute security check-in with our team. We’ll help you plug the holes, no jargon or scare tactics—just clear, simple steps to stay safe.

Schedule Your Free Security Assessment

Because the best gift you can give your business this year?
Peace of mind.
View full post