The holidays are almost upon us. That means pass the stuffing, brine the turkey, wrap the presents, and hang the stockings with care. It also means hackers are hiding in the holly, waiting for a moment of distraction from all the festive cheer to make their move.
High-cost holiday fraud
The holiday season brings a spike in cybersecurity threats, putting businesses and individuals at heightened risk. Recent industry data show phishing attacks can increase by as much as 30 percent during November and December, with cybercriminals timing campaigns to exploit distracted employees and overwhelmed security teams. The FBI’s Internet Crime Complaint Center reports that holiday-related cyber fraud costs Americans hundreds of millions of dollars each year, with losses continuing to climb. Ransomware operators target the period between Thanksgiving and New Year’s, knowing that reduced staffing and slower response times create ideal conditions for successful attacks. Online shopping scams alone account for more than $350 million in losses during the holiday season, and business email compromise attempts spike in December.
‘Tis the season for increased vigilance
As organizations wind down for year-end breaks and consumers engage in record-breaking e-commerce activity, threat actors ramp up their operations. That makes cybersecurity vigilance more critical than ever during what should be the most wonderful time of the year.
Brian Keeter, senior director at APCO, tells SmarterMSP.com that holiday risks are higher because human defenses are lower, online shopping and browsing are up, and more financial transactions are taking place. “Threat actors know that vigilance for good cyber hygiene often suffers when people are distracted. That’s why we see an uptick in phishing attacks during the holidays. Common targets include charitable donation requests and fake shipping information,” Keeter explains. He adds that more people are online and more likely to use personal devices with lighter security protections. “Whether it’s buying gifts, booking travel, or connecting with friends, there’s more opportunity to encounter a fake website or phishing scam,” he notes. As the year ends and people conduct more online financial transactions—bonuses, donations, and the like—these activities can attract data theft or fraud.
Holiday phishing awareness starts now
Bill Oliver, U.S. managing director at SAP platform SecurityBridge, emphasizes that the most prevalent risks during this season are phishing and social engineering with a holiday twist. He notes that cybercriminals often use timely themes such as failed shipping notices (“Your package isn’t going to make it in time for the holidays”), order confirmations (“Did I really buy 10 Xboxes?”), and gift card offers. “The theme is always time-sensitive urgency,” Oliver says, adding that MSPs should maintain phishing-awareness programs and run phishing simulations and awareness campaigns starting in late October through early November to prime employees for the holiday season. “They should not be afraid to have some fun with the message in these campaigns, since the hackers will.”
Stay cyber safe
If you want to preserve the festive spirit while keeping systems secure, the message is clear: vigilance, proactive measures, and prepared response plans are your best defenses this time of year. By staying ahead of the tactics that attackers are likely to use, organizations and individuals can enjoy the holidays with a little extra peace of mind.
