In partnership with
π Welcome to Unlocked
The end of the year brings more than celebrations. It creates high-risk conditions for financial fraud β when executives are traveling, teams are short-staffed, and approval workflows are rushed.
While phishing remains the #1 initial attack vector (Verizon DBIR), year-end business email compromise (BEC) campaigns now exploit something different: predictable stress and urgency during the holiday window.
These attacks are becoming:
more targeted
more automated
more timed to workflow pressure
This week weβre breaking down why year-end fraud surges β and what IT and security leaders can do about it before the books close.
π Executive Spoofing: Why Leadership Is Target #1
Attackers spoof executives because authority + urgency bypass critical thinking.
Common patterns include:
look-alike domains impersonating CEOs/CFOs
urgent requests for confidential transfers
βquick favorβ messages targeting assistants or finance teams
spoofed mobile messages during travel
Business Email Compromise caused over $2.9B in reported losses in 2023 (FBI IC3), making it one of the costliest enterprise threats β and the FBI has repeatedly noted spikes during holiday periods.
Even when MFA protects accounts, attackers shift tactics:
spoof identity, not login
exploit urgency, not access controls
BEC succeeds because it weaponizes trust, not technology.
π³ Gift Card + Invoice Fraud: Why December Is Prime Season
Gift card scams sound outdated β but they persist because they blend seamlessly into year-end business routines.
Seasonal fraud patterns:
executive asks assistant to buy gift cards for clients
fraudulent invoice attached to an urgent email
finance processing during deadline crunch
amounts small enough to avoid fraud detection thresholds
Why it works:
urgency overrides verification
delegation hides illegitimacy
holidays normalize gift spending
Research from the ACFE shows fraud attempts increase during staffing shortages and calendar transitions, and invoice spoofing remains one of the fastest-growing vectors in BEC.
The holidays are when mistakes happen quietly β and attackers know it.
π The Financial Closing Window: A Breach Opportunity
December financial workflows create predictable vulnerabilities that adversaries exploit:
first-time vendor payments rush through
multi-team approvals break down
reduced oversight during PTO
travel introduces mobile-only verification
Deloitteβs payment fraud research found executive-impersonation attempts spike during quarter-close periods, when controls loosen under pressure.
Attackers track seasonal workflows and adapt campaigns to them. Year-end bookkeeping isnβt just a process vulnerability β itβs a predictable threat window.
π§ Why These Scams Still Work
Holiday BEC works because it relies on human instinct, not technical compromise.
Key psychological triggers:
perceived authority
compressed timelines
guilt over delaying executives
reduced concentration during fatigue
disrupted work routines
The attackerβs advantage isnβt sophistication β itβs timing and automation.
Attackers automate:
reconnaissance
spoofed sender profiles
invoice insertion
executive persona replication
Meanwhile defenders struggle because the burden falls on people making fast decisions, not systems blocking malicious ones.
π‘οΈ How IT + Security Teams Can Reduce Holiday BEC Risk
Practical, high-leverage defenses:
β’ require verbal verification for executive transfers
β’ enforce dual approval workflows for first-time vendor payments
β’ block external senders using internal-domain look-alikes
β’ flag mobile-device approvals during executive travel
β’ alert on mailbox rule changes + forwarding configuration
Technical safeguards to implement now:
enforce DMARC/DKIM/SPF
deploy BEC-focused filtering rules
perform identity-based anomaly scoring
restrict privilege escalation via tiered access
These controls reduce risk without slowing business operations β which is critical during end-of-year deadlines.
π‘ Unlocked Tip of the Week
Require escalation for gift card requests.
If an exec sends a message requesting a purchase:
escalation to finance lead + verbal confirmation
no exceptions, especially during holiday cycles
90% of organizations that implement this control report dramatically reduced gift card fraud pressure.
Small friction β big reduction in social engineering risk.
π Poll of the Week
Which year-end vulnerability concerns your team most?
π Author Spotlight
Meet Kaden Rourke - Senior Security Engineer
Kaden Rourke is a Senior Security Engineer with 12+ years of experience designing and implementing secure authentication systems used by millions of users worldwide. Before joining Everykey, Elias led identity engineering initiatives at two venture-backed SaaS companies and contributed to open-source projects focused on hardware-backed cryptography and decentralized access control.
β Wrapping Up
Year-end cyber fraud succeeds not because controls fail β
but because process discipline collapses under pressure.
Holiday fraud targets:
authority structures
psychology
timing
identity trust
As attackers move toward automated social engineering workflows, defenses must shift to automated verification and identity-aware anomaly detection β especially during seasonal capacity strain.
Stay curious. Stay prepared.
Until next time,
The Everykey Team
About Our Sponsor
The Future of Shopping? AI + Actual Humans.
AI has changed how consumers shop by speeding up research. But one thing hasnβt changed: shoppers still trust people more than AI.
Levantaβs new Affiliate 3.0 Consumer Report reveals a major shift in how shoppers blend AI tools with human influence. Consumers use AI to explore options, but when it comes time to buy, they still turn to creators, communities, and real experiences to validate their decisions.
The data shows:
Only 10% of shoppers buy through AI-recommended links
87% discover products through creators, blogs, or communities they trust
Human sources like reviews and creators rank higher in trust than AI recommendations
The most effective brands are combining AI discovery with authentic human influence to drive measurable conversions.
Affiliate marketing isnβt being replaced by AI, itβs being amplified by it.