(And What Smart Chicagoland Manufacturing Leaders Are Doing to Stop It)
By Jeff Reiter – CEO, RWK IT Services
Last December, a European chemical manufacturer made one small mistake that cost them $60 million.
It wasn’t ransomware. It wasn’t a sophisticated hack. It was a handful of emails—routine-looking payment requests from what appeared to be a trusted vendor.
Multiple wire transfers later, more than half of the company’s annual profits were gone.
It’s a story that could easily repeat itself here in Chicagoland.
As our industry consultant Jack “JD” Daniels—a former manufacturing IT director turned security advisor—often reminds our clients, “Cybercriminals don’t need to hack your machines when they can hack your people.”
And the holidays are when they’re most successful.
Why Manufacturers Are Prime Targets in December
Across Frankfort, Joliet, and Tinley Park, manufacturing teams spend December racing to finish production runs, close books, and prepare for year-end maintenance shutdowns.
Deadlines tighten, staff is stretched, and routine approvals get rushed.
That’s when cybercriminals move in.
The FBI Chicago Field Office has reported a sharp rise in business email compromise (BEC) attempts against Illinois manufacturers—often for amounts small enough to evade immediate suspicion but large enough to cause damage.
Nationally, businesses lost $217 million to gift-card scams in 2023, and 73 percent of all cyber incidents in 2024 were linked to email fraud.
This isn’t about technology failure—it’s about human manipulation.
Five Holiday Scams Every Manufacturer Should Watch For
1️⃣ “The Boss Needs Gift Cards”
A text or email appears to come from your CEO asking for Apple or Amazon cards as holiday bonuses.
The request feels urgent—and people act fast.
Prevent it: Put a written policy in place: no gift card purchases without verbal confirmation from two authorized people.
2️⃣ Invoice & Vendor Payment Switch-Ups — Already Hitting Joliet
A local accounts-payable clerk receives an “updated banking form” from what looks like a known supplier.
One click later, $120,000 is wired to a criminal account.
Prevent it: Use a “call-to-confirm” rule for every banking or payment change, using phone numbers stored in your system—not ones listed in the email. Require dual approval for any payment over $5,000.
3️⃣ Fake Shipping Notifications
Fraudulent UPS or FedEx emails carry links that install malware.
Prevent it: Train staff to type official carrier URLs directly into the browser or use bookmarks—never embedded links.
4️⃣ Malicious “Holiday Party” Attachments
That friendly “Holiday_Schedule.pdf” may carry malware.
Prevent it: Block macros in Office files and remind employees to verify unexpected attachments, even from internal senders.
5️⃣ Bogus Holiday Fundraisers
Attackers clone charity websites or spoof internal “company match” campaigns.
Prevent it: Publish a list of vetted charities and process all donations through secure company channels.
Why These Scams Work — Especially in Midwest Manufacturing
Manufacturers depend on email-based trust and established vendor routines.
Cybercriminals exploit that reliability and the pressure of December workloads.
JD notes that many small and mid-sized plants in Will County still operate with a mix of legacy ERP systems and newer cloud tools—creating the kind of patchwork that attackers love.
These aren’t random attacks; they’re tailored operations targeting predictable behaviors.
A Holiday Cyber Defense Checklist for Manufacturers
To help our clients across the I-80 manufacturing corridor prepare, we recommend five simple controls:
Two-Person Rule: Verbal confirmation and dual approval for all payments above $5,000.
Gift Card Policy: No requests by text or email—ever.
Vendor Verification: Confirm all banking updates via known contact numbers.
MFA Everywhere: Email, ERP, MES, and remote access tools.
Holiday Awareness Briefing: Hold a 15-minute team huddle on these scams before shutdown week.
As JD likes to say, “If you’re too busy for a quick security check, you’re exactly who the scammers are hoping to reach.”
The Real Cost of a Cyber Mistake
The global firm lost $60 million—but the local fallout can be just as damaging.
For small manufacturers in Frankfort and Will County, the average BEC incident—about $129,000—can mean:
- Missed shipments and SLA penalties
- Strained supplier relationships
- Higher insurance premiums
- Morale issues as teams scramble to recover
What Smart Chicagoland Manufacturers Are Doing Now
We’re seeing proactive leaders:
- Running short phishing simulations in December
- Reviewing access lists and disabling unused accounts
- Scheduling policy refreshers with line supervisors
- Partnering with MSPs familiar with NIST and ISO manufacturing standards
A single phone call or dual-approval process can prevent six-figure losses.
Give Your Team Peace of Mind This Season
If you operate a manufacturing plant in Frankfort, Tinley Park, or Joliet, now is the time for a quick cybersecurity check-up.
Our team can walk you through the Holiday Readiness Checklist—built specifically for manufacturers along the Chicagoland I-80 corridor.
👉 https://rwksolvesit.com/free-network-assessment/
This season, the best gift you can give your operation isn’t another machine.
It’s confidence that your data, money, and reputation are safe.
— Jeff Reiter
