Keep Your Productions Fraud-Free

This holiday season, fraudsters aren’t just sending sketchy emails—they’re using AI tools to imitate vendors, coworkers, and familiar voices. With Wrapbook, you can add transparency and control to your projects to help stay ahead of these evolving risks.

As criminals adopt off-the-shelf AI tools for voice cloning, document forgery, social engineering, and payment diversion, productions benefit from staying attentive. By preparing now, you can help protect both yourself and your team through a smooth and secure holiday season and year-end.

Here are some approaches to help keep your production one step ahead of the most common holiday payroll scams.

Note: Scammers increasingly use widely available AI tools to support their schemes. This is very different from the secure, purpose-built AI within Wrapbook, which is designed with strict safeguards and controls. The information below focuses only on how to stay aware of common, well-documented fraud tactics seen across many industries.

Vendor Business Email Compromise (BEC)

Imagine a fraudster gaining access to your vendor’s email account and impersonating them—requesting an unexpected payment or attempting to redirect a legitimate one. With AI helping criminals mimic writing styles and respond quickly, these scams may blend in more easily at first.

How you can protect yourself and your production:

1. Contact the vendor through another confirmed channel. If an email thread feels slightly off, reach out using a known, trusted method—such as a direct phone number for your point of contact or their support line—to confirm that the request is legitimate.
2. Minimize clicking on email links. Fraudsters often rely on subtle misdirection through email links. When possible, navigate directly to any portal, software, website, or tool you trust instead of clicking links within an email.
3. Track historical vendor patterns. Noticing changes—such as sudden shifts in invoice amounts, billing frequency, or communication tone—can simply be a helpful prompt to verify that everything is in order.
4. Conduct vendor due diligence. Working with reputable vendors lays a strong foundation. FINRA offers best practices on evaluating vendors, and Wrapbook helps validate vendor information using a trusted third-party verification service when you add or update a vendor in our system.
5. Compare suspicious invoices with known legitimate ones. If an invoice looks unusual, avoid downloading attachments. When the invoice appears in the email body, compare it with a past verified invoice to look for discrepancies.

Bogus payments and ghost employees

Compromised accounts may also lead to attempts to slip fake or inactive workers into payroll, especially on complex productions where many moving parts can make it harder to spot small inconsistencies.

How you can protect yourself and your production:

1. Train your team to spot live AI personas. Encourage staff to watch for subtle cues such as repetitive or unnatural phrasing, overly polished audio, mismatched shadows, “too perfect” images, or responses that don’t follow the flow of a natural conversation. When interacting with someone they know, impersonations may simply feel slightly “off”—too formal, too casual, too fast, or too slow. Referencing a past interaction can also help confirm identity. MIT provides helpful resources on detecting AI-generated photos or videos.
2. Invite-only onboarding on Wrapbook. Fraudsters cannot self-service add themselves as workers on any production in Wrapbook; they must be invited or added by an authorized Company user. This built-in step helps ensure proper oversight.
3. Design and implement approval flows. Approval flows give production finance teams more opportunities to review payments before money moves, adding clarity and reducing the likelihood of overlooked details.
4. Build in separation of duties with a least-privilege approach to roles. Configure user roles in Wrapbook so that no single person can move a payment from creation to funding without visibility from others. Even for Company Admins, having more than one can enhance oversight.
5. Keep your company permissions refreshed and role assignments up to date. Regularly review users and roles in Wrapbook’s Company Settings. Remove access for users no longer active on your projects or adjust permissions as responsibilities shift.
6. Lean into transparency. Each payable includes a detailed audit log showing a history of key actions. If something appears unusual, reviewing the audit log can help clarify what occurred.

Holiday phishing and social engineering scams

Fraudsters may use misleading messages, emails, or links—sometimes on websites that appear familiar—to direct you to imitation login pages or to collect credentials. With deepfakes becoming more accessible, taking a moment to verify unexpected requests is increasingly helpful.

How you can protect yourself and your production:

1. Multi-factor authentication (MFA). Enable MFA on your personal and business accounts whenever possible. Wrapbook enrolls users in MFA by default upon account creation.
2. Educate your staff on phishing and social engineering. Employees are often the first to encounter suspicious messages. Providing training—even from free resources—can meaningfully support your team.
3. Designate verified “official” communication channels. Create a policy for your production where sensitive actions or requests must come through a designated channel or require a specific workflow, such as a Wrapbook approval flow step. Keeping this policy limited to relevant staff makes unexpected requests easier to recognize.
4. Pause and scrutinize. Fraudsters sometimes rely on manufacturing urgency. When something feels out of routine, pause and consider: a) Do you know this person? b) Is this the type of request they typically make? c) Is this how they usually communicate? d) Does this align with your current workflows? e) Are they asking you to keep it confidential? If anything seems inconsistent, simply take an extra moment to verify.
5. Consider creating code words to help confirm identities. A shared verbal code word among trusted colleagues can offer an extra layer of confirmation if a request seems unusual.
6. Keep phones, laptops, tablets, and software updated. Device and software makers continually improve their defenses. Keeping your technology up to date ensures you receive the latest security protections.

At Wrapbook, fraud protection is a foundational part of our platform. Our tools, policies, and team aim to help production companies pay crews safely, spot potential issues early, and respond quickly when something doesn’t seem right. Ultimately, you know your production, industry, and people best—and that insight remains one of your strongest advantages in keeping your production secure this season.

When in doubt, reach out. At Wrapbook, we’re here to support you. If you suspect fraudulent activity on your Wrapbook account, contact us at support@wrapbook.com. We can assist with steps such as freezing and reviewing potential activity on your account.