Skip to contentSkip to search
TELUS Business

‘Tis the season of cyber attacks: How to protect your business

Tech Trends · Dec 14, 2023

Phishing is a persistent and evolving cybersecurity threat that targets people, organizations and institutions worldwide. This threat is one of the three most common cyber attacks in Canada, and only 50% of Canadian organizations have a formal protection plan in place against cybercrimes.

This particular cyber attack involves online fraud in which cybercriminals pose as trustworthy entities to deceive people into revealing sensitive information, such as login credentials, financial details or personal data. These deceptive tactics often involve sending fraudulent emails, text messages or messages via social media platforms to trick people into taking actions that compromise their security. 

Unfortunately, phishing attempts become more frequent and elaborate during the holiday season. This threat has become one of the most sophisticated and highly effective form of cybercrime as social engineering is used to exploit both people and businesses that may be vulnerable. By staying vigilant and proactive, your organization can avoid falling victim to holiday-season phishing attacks. Here are valuable insights to help you understand threats and mitigate risk.

The rise of phishing attacks around the holiday season

Cybercriminals are known to exploit vulnerabilities around increased online activity and consumerism as sensitive information is shared across various platforms and websites. Here are some reasons why phishing attacks are on the rise with the holidays just around the corner:

1. Increased online shopping and financial transactions 

During the holiday season, a surge in online shopping provides cybercriminals with opportunities to launch phishing scams, send phishing links or create fake e-commerce websites to steal financial information

2. Distracted users and social engineering tactics 

Festivities and celebrations can lead to distracted online behaviour, not to mention holiday emotions that get exploited such as generosity, making users more susceptible to social engineering tactics and phishing attempts. 

3. Reduced IT staffing 

Many organizations operate with reduced IT staffing during the holidays, creating opportunities for cybercriminals to exploit unnoticed vulnerabilities.

4. Less system patching 

Some organizations delay applying software patches and updates during the holiday season, creating opportunities for cyberattacks.

Protecting your organization during the holiday season

It’s crucial to recognize the signs of phishing attempts, educate employees and implement security measures to protect against this evolving threat. Here are the most common phishing techniques that may be easy to miss among all the promotional emails people get during this season. Here are some potential threats to watch out for: 

  • Emails that appear to be from reputable sources 

  • Websites that mimic legitimate organizations

  • Malicious attachments or links

  • Social engineering tactics created to manipulate emotions and behaviours


The most common phishing attempts during the holidays 

With phishing attempts taking centre stage in the digital landscape, malicious players leverage various strategies to exploit the season's goodwill, making it imperative to stay vigilant against an array of cybersecurity risks, such as:

1. Digital payment-based scams 

Phishers use well-known payment applications as a ruse to steal sensitive information, posing as online payment services like PayPal, Venmo or TransferWise. 

2. Finance-based phishing attacks 

Scammers impersonate banks or financial institutions, invoking fear or urgency in victims to gain personal information or credentials. 

3. Work-related phishing scams 

Attackers pose as executives or colleagues, requesting wire transfers or fake purchases, targeting employees and potentially compromising the organization's security. 

4. Fake charity campaigns

Cybercriminals exploit the giving spirit of the holidays to create fake charity campaigns, diverting donations for their gain and potentially stealing personal and financial information. 

5. Ransomware attacks 

Ransomware attacks increase during the holiday season, often launched through phishing campaigns. These attacks can have devastating consequences for both employees and organizations. 

6. DDoS attacks 

Distributed Denial of Service (DDoS) attacks can also become more prevalent during the holidays, targeting organizations when networks are already strained. 

7. SQL injections 

SQL injection attacks are common during high-activity periods like the holidays, exploiting vulnerabilities in web applications. Cyber criminals use malicious SQL code for backend database manipulation to access information that's inaccurate or not meant to be shown.

8. Stolen credentials 

Attacks using stolen credentials are on the rise, with threat 'actors' successfully executing high-profile breaches through a combination of stolen credentials and social engineering tactics.

Preventing phishing attacks

To protect your organization during the holiday season and throughout the year, consider implementing the following security measures: 

  • Establish a comprehensive holiday strategy, including an emergency plan and a 24/7 available response team

  • Partner with a managed service provider to enhance your organization's cybersecurity response

  • Conduct a pre-holiday audit to validate infrastructure, patch vulnerabilities and ensure compliance with industry security standards

  • Keep systems up to date, including firewalls, antivirus software and anti-malware tools

  • Provide training and education to employees, emphasizing the importance of identifying and avoiding phishing attempts. You should focus on helping them verify the legitimacy of emails and website links. It’s also important to help employees learn how to report suspected phishing messages so they can be investigated and blocked by the organization

  • Implement the use of strong, complex passwords and password managers

By maintaining a proactive approach to cybersecurity, you can safeguard your organization's data, reputation and financial assets while also protecting your employees' personal information during the holiday season and through the new year. With the right partner, you can elevate your defenses to a new level, as they can provide multi-layered solutions tailored to protect your organization even before threats arise, ensuring long-term security efficacy.

Connect with a managed IT specialist today to learn how TELUS Business can help with your evolving IT needs.

Authored by:
TELUS Business
TELUS Business