As business slows down, fewer staff members are tracking and monitoring ransomware attacks too. Cybercriminals anticipate this lull in vigilance and Website Security and make the most of it, in this case, phishing attacks.

It’s the ‘silly’ season, and if you thought cybercriminals would be taking the holiday off – think again. Sadly, this time of the year, criminals of all kinds are upping their activities and tactics to exploit their victims at a time when many are just looking to unwind and relax.

Phishing Attacks on The Rise

Cybercrime tactics are no longer just the obvious mass “spam” approach. According to a report from the South African Risk Information Centre (SABRIC), cybercriminals are making use of highly tailored and sophisticated social engineering tactics to successfully trick unsuspecting victims into disclosing sensitive information.

Phishing attacks—and variants thereof like vishing (voice phishing) and smishing (SMS phishing)—are on the rise, causing considerable threats to businesses and individuals throughout the year. However, during December and January, the threat is in overdrive.

In the latest State of Email Security report of March this year, Mimecast uncovered that 94% of companies have been targets of phishing attacks during 2021. Phishing is a type of cyber-attack that uses email to trick victims into clicking on links with the aim to deploy malware or viruses onto their devices, direct them to bad websites, or deceive recipients into sharing personal or business information.

The business or personal information obtained can then later be used in more elaborate criminal schemes.

Example Phishing Attack: Fake Tender Proposal

An example of a dangerous phishing attack that took place:

Cybercriminals use clever social engineering to contact companies and offer them the opportunity to apply for tenders. Businesses apply for these seemingly legitimate tenders, submitting the personal business information requested. Companies may even be contacted for additional information after being notified that they have successfully made the shortlist.

Unknowingly, businesses are sharing sensitive information with cybercriminals who can now use the information collected to clone the business’ identity and successfully launch more fraudulent activities.

In this example, cybercriminals are phishing for company documents to gain access to sensitive details that they can use to impersonate the company. These documents can then be used to open fake credit accounts with suppliers. With a successfully created supplier account, cybercriminals can very easily order goods to the maximum credit available.

Businesses that fall victim to these types of phishing attacks might only be aware fraud has taken place once the supplier follows up with them directly to settle outstanding credit after 30, 60, or even 90 days.

Be careful!

This festive season, be on high alert. Cybercriminals don’t take breaks! Ensure cyber security is a priority for your business even while business is winding down for the holidays.