According to the Economic Crime Survey 2024, 1 in 4 businesses experienced fraud in the 12 months prior to the survey, with cyber fraud being the most common. Fraud is a real threat that can potentially lead to a serious loss of money, and during Christmas, it’s an even bigger issue for both people and businesses. Given the statistics, it’s not something that small business owners can afford to ignore.
Thankfully, while completely preventing fraud in business is a mammoth task, there are numerous things that business owners can do to minimise their risk and to catch common Christmas scams sooner rather than later.
As experts in document security and secure data destruction, the Shredall SDS Group exists to help businesses keep their documents in order and their data secure, helping these businesses keep their risk of fraud to a minimum all year round. Along the way, we’ve picked up a few tips that we can pass on to help your business stay fraud-free this Christmas.
Identifying areas where you could be at risk
The precise nature of the Christmas fraud risks any given business faces can vary, but the more generally applicable risks can be summarised into four broad categories:
-
Risks from customers
-
Risks from employees
-
Risks from suppliers and service providers
-
Risks to business assets
The first three points encompass all of the people that could pose a threat to your business. You’ll notice that the net has been cast fairly widely, but that’s because fraud risks can come from almost anyone who has a relationship with your business.
Risks from customers
Whether you’re dealing with customers on physical premises or online, there are ways for fraudsters to con you out of money. Christmas is a time for buying gifts, so scammers can use counterfeit currency, fake or stolen payment details and fake orders to cause problems for your business. If you’re a small e-commerce business, for example, that relies on Christmas sales for a large percentage of yearly revenue, losses caused as a result of fraud can be detrimental. It is important to understand the traits of genuine customers and payments to help you catch fraud early during the festive season.
Risks from employees
No small business owner wants to think that their employees could be out to defraud them, but it can still happen during the Christmas period. Risks from employees often come from intentional attempts to defraud a business through fake expenses, embezzlement and the like, but they can also come from negligence, where employees are leaving the company vulnerable to fraud by doing something poorly or not doing something they should be.
With companies being much busier during the festive season, and employees extra focused, people’s guards are more likely to be down, giving negligent employees the perfect opportunity to commit one of the 12 scams of Christmas.
Risks from suppliers and service providers
Other businesses that your company has regular dealings with can defraud you if you’re not careful. Common activities include overcharging and not delivering the goods or services that were promised. Again, Christmas is a busy time, so keep focused and don’t let your guard down too much, especially if you spot something that doesn’t seem right.
Risks to business assets
In order to understand which areas of your individual business are most at risk from Christmas fraud, it’s essential to know what your assets are. Tangible assets include your buildings, equipment and cash in the bank, but you should also be mindful (perhaps even more so) of intangible assets such as any customer data you hold, your business’s brand and identity and even the ideas that you have for future development.
Common types of Christmas fraud
Anyone associated with your company could attempt to defraud you at Christmas time, and the ways they could do so are numerous. There are too many different types of Christmas fraud for us to go through in this blog post, so we’re going to focus on those that are more closely tied to our fields of expertise.
1. Business identity fraud
Fundamentally, business identity fraud (or business identity theft) is where a fraudster impersonates a business, not any single employee or director of the business. This type of fraud involves stealing or misusing a business’s credentials, such as login details or bank account information.
Business identity fraud can be used to steal money from the company itself, to alter key financial reporting documents, to purchase something using the businesses accounts, or a host of other related activities. Companies leave themselves vulnerable to this type of fraud when they fail to restrict access to sensitive information and passwords, whether they’re held in a digital capacity or available on physical documents.
2. Intellectual property theft
Intellectual property theft involves someone copying a company’s creative property and using it for their own gain. Intellectual property is a form of intangible asset and encompasses any products, inventions and designs that have been copyrighted, trademarked or patented. It could be anything from the contents of a book, to the designs for a new aircraft component, to your company branding.
In some cases, a criminal could steal your intellectual property simply by accessing what’s available to the public, such as your branding. There’s nothing you can do to prevent it, except pursue civil or criminal action wherever you find evidence that theft has occurred. However, other kinds of IP theft could occur if someone gains access to internal documents, such as designs for a new product. Implementing document security policies and measures is essential to minimise this risk.
3. Company data hacking
The data that your company holds on employees and customers is a valuable asset that will be an attractive target for hackers or others who have access to company documents and online files. Customer data can be sold or even ransomed for a lot of money should it get into the wrong hands.
One of the most common ways hackers snatch company data is through phishing. Phishing is where hackers pretend to be someone trustworthy to trick you into giving away sensitive information. According to the Cyber Security Breaches Survey 2025, out of businesses that experienced an attack this year, 85% of them were phishing attacks. At Christmas, phishing is even more common due to people’s guards being down, and hackers target people and businesses via email or text message.
Common Christmas scams affecting your customers
It’s not just businesses that are at risk from fraud at Christmas time, but consumers as well. An increase in online purchasing means that fraudsters can fool people even easier. It’s important for businesses to be aware of this, as fraudsters commonly pose as businesses to build rapport with their victims.
Phishing
Phishing doesn’t just happen to businesses. One of the most common types of phishing attempts on consumers is via text message. At Christmas time, fraudsters will send a text message posing as a delivery company, claiming that the individual's parcel has been delayed. In the same message, there will be a link that they will encourage the individual to click.
Gift card scams
These work by fraudsters impersonating someone your customers know and trust. Their main aim is to get the code on the gift card so that they can spend the money themselves
Shopping scams
An increasing number of people purchase luxury items at Christmas and some are looking for the best deal possible. Unfortunately, this opens the doors for scammers to take advantage of these people by charging large sums of money for inauthentic luxury items. As a small business operating around Christmas, warn your customers of these common scams.
How Shredall SDS Group can help this Christmas
Working with a business like the Shredall SDS Group helps to ensure that your documents aren’t putting your company at risk from different kinds of Christmas fraud. We help to securely destroy documents that aren’t needed and can store those that aren’t needed regularly in a safe, off-site location. Our document scanning service can also turn vulnerable physical documents into digital documents whose access can be restricted and controlled more easily.
Whatever your business does and whatever risks you may be vulnerable to, the starting point should be clear anti-fraud policies and employee education. If everyone in the company is on the lookout for telltale signs of fraudulent activity, it will be much harder for a fraudster to get away with anything, regardless of who they are or how they’re targeting your business.
For more information, visit the Action Fraud website.
