Holiday Cheer or Holiday Fear? An Increase in Cybercrime is Lurking

As the holiday season approaches, our minds are filled with thoughts of joyful gatherings, heartfelt gift-giving, and cherished moments with loved ones. Unfortunately, our festivities provide cybercriminals with the perfect opportunities to plan their attack. With many of us traveling and preoccupied with celebrations, our focus can drift, leaving us vulnerable to a wave of cyber threats. 

Cybercrime becomes increasingly active as the holiday season unfolds. Both the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) have issued warnings about a surge in cyberattacks typically beginning after Cyber Monday. Alarmingly, a recent survey revealed that 78% of U.S. consumers either fell victim to or were targeted by holiday-related fraud last year.

In this blog, we will dive into the potential cyber threats that loom over the holidays, warning signs to watch out for, and how Telesystem can assist in keeping your businesses and employees safe during this holiday season.

The Most Wonderful Time of Year… For Cyberattacks

Every year, the holidays bring more than just festive cheer and a big man dressed in a red suit: they also bring a reliable upswing in cyberattacks. From major retailers like Macy's, PoshMark, and Adidas to attacks that pose threats to national and government security, cybercriminals are always on the lookout for vulnerabilities to exploit.

It is pretty evident that the holiday season is the perfect time for malicious actors to strike, but what makes this time of year so attractive for cybercriminals?

Increased Online Activity: During the holiday season, people are more active online. Whether it's shopping for gifts, making travel arrangements, or sending season's greetings, digital activity spikes significantly. According to cybersecurity experts, email traffic increases by 30% during the holidays. This surge provides cybercriminals with a larger pool of potential targets to attack.

Distraction and Hectic Schedules: The holiday season is known for its hustle and bustle, making individuals more vulnerable to cyberattacks. People are juggling parties, travel plans, family gatherings, and the stress of gift-buying. Cybercriminals exploit these moments of inattention, leading to a 63% increase in malware infections during the holidays.

Business on Break: Organizations are especially susceptible to ransomware threats, phishing attacks, and other dangers during the holiday season, as November, December, and January represent ideal times for many employees to use paid time off. With fewer eyes on computer systems, there's less chance of malware being spotted in a timely manner. This makes long weekends and other holiday periods ideal for cybercrime.

Employee Use of Work Devices: In an increasingly connected world, employees may use work devices for personal activities, including online shopping during working hours. A recent study found that 69% of employees admit to shopping online while on the clock, creating potential vulnerabilities within the workplace. Cybercriminals can exploit these practices, as a compromised work device can have far-reaching consequences, especially during the holiday season.

In other words, the holiday season assembles the perfect storm of circumstances for malicious attackers to strike and succeed, and it's important for companies to take steps to protect themselves during this time of heightened vulnerability. The first step is understanding the different types of holiday cyberattacks, so appropriate measures can be implemented proactively.

Common Types of Holiday Cybercrime

During the holiday season, cybercriminals employ various tactics to target individuals and businesses. A crucial step in protecting your company is understanding these common holiday cyberattacks:

Phishing Scams: Cybercriminals send deceptive emails and messages impersonating trusted entities, offering enticing holiday deals. These often lead to employees clicking on malicious links or downloading infected attachments.

Ransomware Attacks: Ransomware is a malicious software that encrypts a victim's data, demanding a ransom for its release. During the holidays, cybercriminals may exploit the distraction and chaos to infiltrate businesses, causing significant disruption and financial loss. Darktrace observed a 30% increase in ransomware attacks during the holidays, and a 70% increase during the months of November and December. 

Online Shopping Frauds: With the surge in online shopping, especially during the holiday season, cybercriminals often create fake shopping websites and apps to steal financial information. Unsuspecting shoppers may enter their credit card details on these malicious platforms, resulting in financial loss.

Impersonation Scams: Cybercriminals may impersonate legitimate organizations, charities, or even family members, seeking donations or assistance during the holidays. These scams prey on individuals' generosity and can lead to financial loss or personal data exposure.

Fake Holiday E-cards: E-cards, a common way to send holiday greetings, can be compromised by cybercriminals. Malware-laden e-cards may be sent to unsuspecting recipients, infecting their devices and potentially compromising sensitive data.

Track Email and Text Scams: Cybercriminals will send emails or texts with purported tracking details for online orders. They can lead to phishing pages that steal PII or ask for payment. They can also be a means of opening up conversations designed to elicit personal information or steal funds. According to a 2023 report from the Internet CrimeComplaint Center (IC3), non-payment or non-delivery scams cost consumers more than $309M last year.

Being aware of these types of holiday cybercrime is the first step in protecting your business. However, education should not stop there. Let's explore the ways your business and employees can stay protected this holiday season.

How Telesystem Can Protect Your Business and Employees this Holiday Season:

It goes without saying that one should always keep best security practices in mind during the holiday season: never click on suspicious links, never download email attachments before checking the sender's address and legitimacy, stay away from fishy websites, use complicated passwords, change those passwords frequently, and utilize multi-factor authentication mechanisms.

However, cybercriminals have mastered the art of deception, and there is only so much one can do. This is why we’ve outlined a few solutions necessary to ensure cybercriminals stay away and do not steal the joy away from your special holiday season.

Employee Security Awareness Training

As the holiday season kicks into high gear, employees often find themselves spending more time online, with a staggering 98% of consumers planning to do their holiday shopping digitally this year. While this increase in online activity is a boon for retailers, it also opens the door for cybercriminals who are lurking, ready to exploit employees during this busy time. With over 92% of security breaches attributed to human error, it’s clear that the very people who should be the company’s greatest asset can inadvertently become its weakest link. 

Even minor mistakes can lead to significant repercussions, especially during the holidays. The case of the Grand Forks Public Schools serves as a stark reminder of this risk, with the institution losing $2.2 million in a phishing scheme just before Thanksgiving—a time when most employees are preoccupied with deadlines and holiday preparations. This incident underscores a crucial reality about cybersecurity: the human element is often the weakest link. Cybercriminals are adept at exploiting this vulnerability during high-stress periods, such as the holidays. That's why it is essential for organizations to prepare their teams to recognize these ever-evolving threats. 

To address this issue, Telesystem offers Employee Security Awareness Training. Our automated, ongoing training program teaches employees how to recognize phishing attempts, identify fake phone calls generated by AI, and spot other deceptive tricks. By learning about common scams—especially those that look like holiday deals—employees can help reduce the chances of their company becoming a victim during this busy time. This training promotes teamwork in cybersecurity, encouraging everyone to play a part in keeping the organization safe. When employees know how to identify strange behavior, they are more likely to report it quickly and correctly. 

The landscape of cyber threats is constantly changing, which means a company’s approach to risk must evolve too. At the heart of a strong cybersecurity culture lies the understanding that people—not just technology—are central to security efforts. Employees can be both the weakest and the strongest links in this chain. Therefore, it's vital to create an environment where employees become the first line of defense. By prioritizing security awareness training this holiday season, organizations can empower their teams to act as human firewalls—able to detect, block, and report malicious activities. 

Advanced Email protection

For many, the excitement of capturing a holiday bargain can cloud judgment, making even the most cautious employees susceptible to scams. Cybercriminals take advantage of this mindset, crafting convincing phishing schemes that promise unbelievable offers such as flight discounts and Black Friday deals. With the help of advanced AI technologies, scammers employ tactics that create a sense of urgency. Phrases such as “limited time offer” or “only one item left” can quickly push anxious consumers to act before they think, leading them to enter personal and payment information on fraudulent sites. 

Phishing attempts are a common cybersecurity attack that rise as much as 495% between October and November, and it is easy to see why; on top of their usual workload and holiday preparations, employees are bombarded with triple the amount of emails, including holiday promotions, deals, shipment confirmations, and charity donations. With malicious links and harmful attachments masquerading as innocent holiday content, many employees find themselves unknowingly stepping into cyber traps. 

This reality was highlighted in late January of 2020 when the largest package delivery company in the world, UPS,discovered that an unauthorized group successfully devised a phishing scheme to gain entry into the email accounts of numerous store locations. The breach occurred and went undetected between the end of September and early January, UPS’s busiest season. The breach exposed sensitive customer data, including names, addresses, and payment card information, creating a distressing situation for the affected customers, ultimately affecting their trust in the company.

As depicted through UPS’s cyberattack, email security has never been more critical. Telesystem's Advanced Email Protector offers a comprehensive solution to keep your employees and business safe this holiday season. This system provides multi-layered protection against spam, email viruses, and various forms of email-based attacks that often fly under the radar. With features like encryption and outbound email screening, it further ensures that vital internal information doesn’t inadvertently enter the wrong hands.

Managed SOC (Security Operations Center)

The holiday season is a time for joy and celebration, but it is also prime time for cybercriminals to ramp up their activities, taking advantage of the lax security measures many organizations adopt.  One key factor behind this vulnerability is the reduced staff presence in the office. With employees taking time off to enjoy the season, there are fewer people available to monitor and respond to potential security threats. This reduced workforce creates a window of opportunity that cybercriminals are all too eager to take advantage of, with fewer sets of eyes on the digital infrastructure.

Consider the case of Ardent Health Services last Thanksgiving. This Nashville-based organization experienced a catastrophic ransomware attack that impacted 30 hospitals across the nation, leading to rerouted ambulances, postponed surgeries, and jeopardized data security. Such high-profile breaches highlight a troubling trend: cyberattacks are more likely to occur when organizations are least prepared to respond, during the merry holiday season.

The months of November to January pose heightened risks as the combination of reduced staffing and an influx of security alerts can overwhelm even the most prepared teams. A company with an average of 1,000 employees can receive up to 22,000 security events per second, so it is no surprise that critical warnings can be overlooked. In fact, over 20% of these security alerts are ignored due to the sheer volume, leaving businesses exposed to breaches when their defenses are at their weakest.

This is where a Managed SOC becomes essential. Our managed platform approach to cybersecurity simplifies operations and reduces security gaps left by traditional IT security tools.  Telesystem’s Managed SOC is a complete, managed security platform to prevent, detect, respond and even predict future attacks across your entire business. Our cybersecurity experts work as an extension of your in-house team, providing 24/7/365 monitoring and threat detection to ensure your business stays protected even when your staff is less present. Additionally, our SIEM solution is tasked with monitoring an ever-increasing attack surface that encompasses physical servers, workstations, endpoints and cloud infrastructure to ensure your environment is safe. While our team works diligently to keep cybercriminals away from your digital landscape, you can focus on what truly matters—celebrating the holidays with your loved ones.

Telesystem has the Cybersecurity Solutions You Need

The holiday season is a time for joy, celebration, and connecting with loved ones — and for many, that includes the convenience and excitement of shopping online. But alongside the warmth of celebration comes a sobering reality: cybercriminals are ready to exploit our distractions, busyness, and goodwill. Their attacks not only pose a risk to your business operations but also jeopardize the trust you’ve cultivated with your customers and employees.

At Telesystem, we understand what’s at stake. Cybersecurity isn’t just about technology; it’s about protecting the people behind the screens—your employees, your customers, and your community. That’s why we take a comprehensive approach to security, integrating solutions customized to your industry, including proactive employee security awareness training, advanced email protection, and 24/7 managed threat monitoring. While you are busy cooking, shopping, and spending time with loved ones, let Telesystem provide you with the ultimate gift: peace of mind.