Somerset Council

How to spot and stop Christmas scam messages targeting your business

Christmas scam messages aimed at UK businesses often mimic urgent delivery issues (fake fees or missed parcels), fake gift cards and promotions, CEO fraud (urgent payments), and phishing emails or e-cards designed to steal data or install malware. They use urgency and fake legitimacy to trick staff into clicking links or sharing details. The key is to warn staff not to click links, to verify requests independently, and to report suspicious texts on 7726, the free spam reporting service run by mobile networks in partnership with Ofcom.

Common Christmas scam messages and tactics:

  • Parcel delivery scams (smishing): Texts pretending to be from Royal Mail, DPD, Evri, etc., claiming a failed delivery or that a small fee is needed, and directing you to fake sites that ask for your details.
  • Fake promotions/giveaways: WhatsApp/SMS messages about free gift cards (e.g., fake giveaways) or too-good-to-be-true deals, used to obtain personal information.
  • CEO fraud/Business Email Compromise (BEC): Emails impersonating executives or suppliers and demanding urgent payments before the holidays, exploiting the seasonal increase in transactions.
  • Phishing/malware: Fake e-cards, invoices, or promotional emails with malicious links that install ransomware or steal data.
  • AI-enhanced scams: Deepfake audio/video makes impersonation scams (like a fake CFO call) more convincing.

Key staff awareness messaging:

  • “Stop and think”: Don’t click links in unexpected texts/emails.
  • “Verify, don’t trust”: If a request seems urgent or unusual (payment, info), contact the sender directly via an official channel (not the link/number in the message).
  • “No fees”: Legitimate couriers never demand fees via text for delivery/redelivery.
  • “Report it”: Forward scam texts to 7726 (SPAM) to report them.
  • “Be vigilant”: Watch for urgency, spelling errors, and requests for sensitive data like PINs or verification codes.
  • “Secure your systems”: Use strong passwords, Two-Factor Authentication (2FA), and keep devices updated.