Holiday Season Scams: How Cybercriminals Target Businesses and Individuals at Year-End
As the year draws to a close, cybercriminals ramp up their efforts to exploit the busy holiday period. With staff taking leave, end-of-year deadlines, and a surge in online shopping and transactions, both businesses and individuals become prime targets for scams and cyberattacks.
What’s Happening?
Scammers know people are distracted and business processes may be less tightly monitored during the holidays. Common tactics include phishing emails disguised as urgent invoices, fake delivery notifications, or requests for gift card purchases. Attackers may impersonate executives or suppliers, hoping to trick staff into transferring funds or revealing sensitive information.
Why are we more vulnerable now?
- Reduced staff: With key team members on leave, approvals and checks may be rushed or skipped.
- Increased transactions: More invoices, orders, and payments mean more opportunities for fraudulent requests to slip through.
- Holiday distractions: People are juggling work and personal commitments, making them more likely to click on suspicious links or overlook red flags.
A Real World Reminder
Last December, several Australian businesses fell victim to a sophisticated scam. Staff received emails that appeared to come from their CEO, requesting urgent payments to a “new supplier” for a time-sensitive project. The emails were convincing—using the CEO’s name, company branding, and a sense of urgency. The requests arrived late in the day, when staff were eager to finish up and head home. In some cases, the scammers followed up with phone calls, further pressuring employees to act quickly. As a result, tens of thousands of dollars were transferred before the fraud was detected.
How to help prevent cyber threats during the holiday period:
- Slow down and verify: Always double-check payment requests, especially those that are urgent or out of the ordinary. Confirm details by phone or in person, not just by replying to the email.
- Be wary of unusual requests: Treat requests for gift cards, wire transfers, or changes to supplier details with extra caution.
- Check sender details: Look closely at email addresses and domain names for subtle misspellings or unfamiliar formats.
- Educate your team: Remind staff about common scam tactics and encourage them to report anything suspicious.
- Enable multi-factor authentication: This adds an extra layer of security to accounts and reduces the risk of unauthorised access.
- Keep software updated: Ensure all devices and systems have the latest security patches.
- Limit access: Restrict financial and sensitive account access to only those who need it, especially when staff are on leave.
A few extra seconds of scrutiny and a culture of double-checking can prevent costly mistakes—and help everyone enjoy a safer holiday season.
Stay vigilant this holiday season—don’t let cyber scams ruin your festivities.
If you’re unsure about a suspicious email or payment request, reach out to our team for advice before you act.
