Online scammers and criminal hacking gangs are, by their very nature, opportunists. While some attacks might seem haphazard, many are targeted, the criminals employing sophisticated knowledge to pursue their victims. Some scammers might look for targets they consider vulnerable such as older adults, companies with outdated business systems or those businesses or organizations not using robust anti-ransomware software as being susceptible to attack, while other hackers might prey on our emotions with sophisticated phishing scams. Timing, too, plays a role in the frequency and type of cyberattacks carried out. A case in point for the latter was the massive surge in cyberattacks after the outbreak of Covid-19 in 2020, with criminals well aware that they could capitalize on the sudden shift to remote working, which left many avenues open to exploitation.
But it is perhaps underreported that the Christmas Holiday period is regarded as the most popular time for carrying out cyberattacks. In fact, some studies show that the number of attacks rises by up to 30% in the week between Christmas and New Year. It’s a worrying statistic, of course. But why is there a heightened risk of online scams and ransomware attacks at this time of year? And how can you protect yourself? Below, we look at the reasons why ransomware and cyberattacks occur more frequently during the Holidays.
Increased Online Activity & Spending
In effect, the important aspect here is not spending time online but what you are doing online in and around the holidays. Typically, people will make more online purchases, with a boon in sales for online retailers starting from Black Friday onward. During this period, shoppers will be using their credit cards more, visiting unknown websites looking for deals, sending and receiving gift packages to family and friends, and purchasing travel tickets, and sending and receiving packages. All of these activities represent opportunities for scammers, particularly those who use phishing scams. For example, criminals know that people may be tricked by SMS phishing delivery scams, with cybercriminals mimicking the likes of UPS, Amazon, and FedEx.
Decreased IT Staffing Levels
For any business or organization, the Holidays represent a popular time for employee vacations. Naturally, the IT staff that monitors and responds to security incidents will also be taking time off over the Holidays, leaving many businesses running with decreased staff and taking more time than usual to respond to attacks. This represents opportunities for criminal gangs, and it’s for this reason that ransomware attacks are more likely to take place over the weekend and on major holidays like Halloween and Thanksgiving. And it’s not just businesses. Consider, for example, how likely it is that your bank’s fraud protection and cybersecurity teams will be working at reduced levels during the Holidays, leaving bank clients just a little more vulnerable. Scammers know this, too, and they ramp up their attacks accordingly.
Victims Likely to Pay Ransom
Some reports state that ransomware attacks increase by up to 70% during the period from November through January compared to the rest of the year – and there is also a suggestion that businesses and individuals are more likely to pay the ransomware demands should they fall victim. Ransomware payments have been predicted to reach new highs in 2023, with analysis showing that criminal gangs are targeting organizations with ready cash flows, a practice known colloquially as “big game hunting.” The same rule applies to businesses and individuals in the lead-up to – and over – the Holidays, with scammers aware that cash is more readily accessible. Moreover, businesses may opt to pay the scammers in a – sometimes futile – effort to reduce interruptions during such a peak sales period and to achieve damage control before re-opening after the Holidays.
Most of us like to relax, especially around the holidays, and that makes us more susceptible to online scams. When our guard is down, we are more likely to fall prey to cyber tricks like fake Holiday promotions, or the previously mentioned package delivery scams. It is perhaps underappreciated just how much stock criminals put into the psychological elements of online scamming. They know we are less vigilant during the Holidays, happily clicking on holiday-related emails and promotions, so they probe that weak point looking for an opening.
As mentioned, cybercriminals are opportunists, and they know how to customize scams for each occasion. Tailored phishing campaigns in the form of emails offering gifts and discounts, messages requesting donations for the needy, and notifications announcing the arrival of gift packages, are more likely to be used in the lead-up to the Holidays. The most effective scams are enticing, pushing us to click a malicious link or relinquish our personal data, without appropriate caution. In 2022, for example, many news organizations published articles on the prevalence of increased numbers of online scammers looking to capitalize on the Black Friday/Cyber Monday sales, particularly as consumers shopped around looking for inflation-beating bargains.
Increased Use of Personal Devices for Work
For many of us, work does not end when we leave the office. We mentioned at the beginning of this article that the Covid-19 pandemic and remote working saw a spike in cyberattacks, and the same logic applies to the Holidays. Though steps can be taken to secure smartphones, tablets and other personal devices, working on these devices usually does not afford the same levels of security as a well-protected office environment. The dangers of using personal devices increase with the use of potentially exposed public Wi-Fi such as that found in cafes, airports, hotels, etc. This leaves devices and networks – and the people and businesses that use them – open to attack.
Exploitation of Goodwill
Sadly, scammers know that we are more likely to be generous during the Holidays. Many Holiday phishing scams will come in the form of charity campaigns, preying on our sense of goodwill, to trick us into handing over money or personal data. Again, psychology is at play here. It is the “Season of Goodwill,” and scammers rely upon our good nature, hoping to lure us into responding to hoax campaigns. Charity impersonation scams can be increasingly sophisticated and hard to identify, and experts have warned about the need for extra caution during the Holidays.
Summary: How to Protect Yourself from Ransomware and Online Scams During the Holidays
As we have seen, there are many reasons why cyberattacks increase over the Holidays. It’s not just the Christmas Holidays either, as scammers know that holiday weekends like Labor Day and other non-working holidays lead to opportunity. IT team members and those responsible for maintaining the cybersecurity of a business are more likely to be taking time off during the same period employees may be accessing sensitive business data on unprotected personal devices. Security, in general, may be reduced while the business is left more susceptible to attacks. On a personal level, it seems that throughout the Holidays, everyone is more relaxed, generous and open – and less vigilant – and all the while, we will be more active online, shopping and making other out-of-the-ordinary transactions.
So, how can we protect against increased Holiday cyberattacks? The first step is to be aware that we are more vulnerable during this period. Educating ourselves on the threats of phishing and other attacks is paramount. Then, take extra care as you shop and respond to emails. Make the necessary changes to reduce your vulnerability and risk of being attacked. For robust protection against all types of cyberattacks, use effective anti-ransomware software and phishing protection on all your devices. This acts as the first – and most important – line of defense against holiday hackers, scammers, and cybercriminals during the Holidays and all year long.