Do Not Let Holiday Cyber Scams Impact Your Organization
The holiday season is a time of friends, family, and fun — and, unfortunately, also cyber fraud. Various studies show that cybercrimes surge by about 30 percent during the holidays. Common scams include phishing emails with malicious links, malware-infected advertisements, and fraudulent charitable appeals. Nonpayment and non-delivery scams cost Americans more than $785 million during the 2024 holiday season, according to the FBI.
Consumers are not the only victims. Many employees shop online from the office or while using a corporate device. That means holiday threats could expose company networks and business-critical information.
Cybercriminals target businesses as well. Attempted ransomware attacks are typically 70 percent higher in November and December than in January and February. Phishing attempts surge by 46 percent in December compared to the monthly average. One study found a 106 percent increase in the number of malware infections during the first weekend of the season.
Several factors create a perfect storm for successful attacks during the holidays. Many security and IT teams run on skeleton crews, meaning fewer people are available to monitor for and respond to threats. At the same time, the surge in online shopping provides more opportunities for data theft and fraud.
Employees are often distracted by the festive period, making them more susceptible to social engineering tactics. An influx of seasonal employees with limited cybersecurity training can also create weak points in an organization’s defenses.
Every user plays a role in preventing holiday cyber scams. Here are four ways to protect yourself and your organization:
Update your operating system and software with the latest patches. Experts estimate that more than half of all breaches exploit known vulnerabilities for which a patch has been released but not applied. Ensure that your operating system, web browsers, and other software are always up to date. Note: NetAscendant performs these tasks for its supported computers.
Use strong passwords and multifactor authentication. Weak access controls often provide the initial entry point for cyberattacks. Create unique, strong passwords for all your online accounts and change them regularly. Use Multi-Factor Authentication (MFA) whenever it is available, as it adds an extra layer of security to your accounts.
Be vigilant. Attackers often lure in their victims by creating a sense of urgency. Be suspicious of unsolicited emails, messages, or calls, and especially wary of offers that seem too good to be true. The holidays are a good time to review your cybersecurity training and refresh your memory about the latest threats and how to avoid them.
Be extremely cautious anytime you are prompted for your username and password, especially from emails, pop-ups, or unexpected login pages. When in doubt, stop and verify the source through a known, trusted path.