Holiday Season Cyberattacks: What to Watch Out For

The festive cheer of mid-November and December often extends to opportunistic threat actors who use this time of year to catch companies and people off guard. The holiday season usually sees an increase in several types of cyber threats, and it’s worth being extra vigilant to avoid falling prey to these scams. Here’s a run-through of some holiday season cyberattacks that companies and employees should watch out for.  

Top Holiday Season Cyber Threats 

Being aware of and keeping an eye out for these cybersecurity threats can save companies a lot of hassle during the holiday season.  

Holiday-Themed Social Engineering

Threat actors exploit the festive mood during the holiday season and target employees with holiday-themed social engineering attacks. A spirit of giving often defines this time of year, with people more inclined to act charitably and think of those less fortunate. Attackers capitalize on this by creating fake charity campaigns or donation requests. Usually, these come in the form of phishing emails that appear to be from legitimate charities, asking for donations or personal information and linking to malicious websites.  

Another type of holiday-themed social engineering targeting employees is the gift card scam, which sees hackers posing as company executives, department heads or partners and asking employees to purchase gift cards. Communications about gift cards might allude to an employee or an important client. The email could contain links to malicious sites that are ostensibly links to online gift cards.  

Remote Work Vulnerabilities

Before COVID-19 struck, most employees had to brave whatever extreme weather conditions hit that winter to get to work. But the normalization of work-from-home now means that people are more likely to work remotely during the holidays. Cyberattacks targeting remote work vulnerabilities have more of a chance of succeeding during this time.  

A threat to watch out for is attacks that directly target remote work infrastructure, including the RDP (remote desktop protocol) or VPN connections that employees use to connect to internal networks and access resources. Shoring up the security of these connections and ensuring you switch on multi-factor authentication is a good way to fend off account compromises.  

Year-End Financial Scams

Another threat that finance or accounting departments should watch out for is year-end financial scams. As companies close their yearly accounts, it’s not uncommon for there to be a high volume of transactions where fraudulent activities might be more easily overlooked. 

For example, companies often settle accounts with vendors at the end of the year. Threat actors take advantage of this by sending fake invoices or altering the banking details on legitimate invoices. Employees working in finance might feel rushed with year-end tasks or distractions that cause them not to verify these changes as rigorously as they would in normal times.  


Ransomware is a year-round threat to businesses of all sizes but tends to increase around the holiday season. Interesting research from 2021 found that ransomware attacks spike globally during November and December by up to 30% compared to the typical monthly average.  

Threat actors perhaps think they can catch short-staffed security teams off guard, as many people go on annual leave around this time of year. Another possible explanation is that businesses that rely heavily on revenue around the holiday season are less tolerant of any downtime in their systems and arguably more likely to cave to hacker demands.  


In a similar vein to ransomware, DDoS attacks that aim to take online services down are also one of the more prominent holiday season cyberattacks. The holiday season is a peak time for online activity, with increased shopping, social media use and general internet traffic. More people online makes this time of year attractive for attackers to conduct DDoS attacks and disrupt businesses like e-commerce companies or retailers that rely heavily on online availability.  

Why Do Cyberattacks Increase During Holiday Season? 

In a 2021 public service announcement, CISA Director Jen Easterly pointed to the heightened threat environment during the holiday season.” Several underlying factors may drive this increase, including:  

  • The festive season brings added personal and professional distractions as employees juggle work responsibilities and holiday preparations. Attackers exploit these distractions, assuming that overburdened or distracted employees are more likely to overlook suspicious signs in emails or communications. 
  • During the holidays, staffing levels can be lower, and key security personnel might be on leave. Already stretched security teams hampered by a chronic cybersecurity talent shortage could more easily crumble when a number of them simultaneously take days off.  
  • Aside from the issue of being distracted during the hectic holiday season, employees tend to expect a higher volume of promotional emails during the holidays. Attackers exploit this by sending phishing emails disguised as legitimate holiday offers or gift ideas, which can be more effective in tricking people into clicking malicious links or sharing sensitive information. 
  • As alluded to in the previous section, the holiday season often evokes strong emotions like empathy or an increased sense of urgency. Cybercriminals exploit these emotions and use social engineering tactics that create a sense of excitement, urgency or charitability to prompt hasty actions, like clicking on a link without proper scrutiny. 

Stay Secure During the Holidays and Beyond

Dealing with the holiday season cyberattack surge is challenging enough. However, with many companies finding themselves under-resourced as IT and cybersecurity employees take leave to spend time with their families, these businesses become more vulnerable. The limited staff availability impacts the immediate response to incidents and the proactive monitoring and threat hunting that are crucial in preventing breaches. 

In light of these challenges, Nuspire’s managed detection and response (MDR) service emerges as a valuable solution that offers a way to extend your company’s cybersecurity capabilities not just for the holiday season but year-round.   

Contact us to learn more.  

Have you registered for our next event?