It’s the ‘silly’ season, and if you thought cybercriminals will be taking the holiday off – think again. Sadly, this time of the year, criminals of all kinds are upping their activities and tactics to exploit their victims at a time when many are just looking to unwind and relax.

As business slows down, fewer staff members are tracking and monitoring ransomware attacks too. Cybercriminals anticipate for this lull in vigilance and make the most of it.

Cybercrimes tactics are no longer just the obvious mass "spam" approach. According to a report from the South African Risk Information Centre (SABRIC), cybercriminals are making use of highly tailored and sophisticated social engineering tactics to successfully trick unsuspecting victims into disclosing sensitive information.

Phishing attacks – and variants thereof like vishing (voice phishing) and smishing (SMS phishing) – are on the rise causing considerable threats to businesses and individuals throughout the year. During December and January however, the threat is in overdrive.

Phishing Attacks

In the latest State of Email Security report of March this year, Mimecast uncovered that 94% of companies have been targets of phishing attacks during 2021. Phishing is a type of cyber-attack that uses email to trick victims into clicking on links with the aim to deploy malware or viruses onto their devices, direct them to bad websites, or deceive recipients into sharing personal or business information.

The business or personal information obtained can then later be used in more elaborate criminal schemes.

An example of a dangerous phishing attack that is currently taking place:

By using clever social engineering manoeuvres, cybercriminals contact companies with the opportunity to apply for tenders. Businesses apply for these seemingly legitimate tenders, submitting the personal business information requested. Companies may even be contacted for additional information after being notified that they have successfully made the shortlist.

Unknowingly, businesses are sharing sensitive information with cybercriminals who can now use the information collected to clone the business’ identity and successfully launch more fraudulent activities.

This is an example of how such a fake tender proposal may look:

In this example, the cybercriminals are phishing for company documents. These documents can then be used to open fake credit accounts with suppliers. With a successfully created supplier account, cybercriminals can very easily order goods to the maximum credit available.

Businesses that fall victim to this type of attack might only be aware fraud has taken place once the supplier follows up with them directly to settle outstanding credit after 30, 60 or even 90 days.

Be careful!

This festive season be on high alert. Cybercriminals don’t take breaks! Ensure cyber security is a priority for your business even while business is winding down for the holidays.