**Simple cybersecurity tips to stay safe this December**

[\\ Back to Kora Blog](https://www.korahq.com/fr/blog) In Merchant Security Awareness # Simple cybersecurity tips to stay safe this December December 22, 2025 December 22, 2025   Oluwapamilerin Awodipe Information Security Share Article [](https://www.facebook.com/sharer.php?u=https://www.korahq.com/post/simple-cybersecurity-tips-to-stay-safe-this-december/)[](https://www.linkedin.com/shareArticle?url=https://www.korahq.com/post/simple-cybersecurity-tips-to-stay-safe-this-december&title=Simple%20cybersecurity%20tips%20to%20stay%20safe%20this%20December)[](https://twitter.com/share?text=Simple%20cybersecurity%20tips%20to%20stay%20safe%20this%20December&url=https://www.korahq.com/post/simple-cybersecurity-tips-to-stay-safe-this-december/) # Table of contents - [Why cyberattacks spike during the holiday season](https://www.korahq.com/fr/blog/simple-cybersecurity-tips-to-stay-safe-this-december#toc-why-cyberattacks-spike-during-the-holiday-season) - [The consumer threat landscape](https://www.korahq.com/fr/blog/simple-cybersecurity-tips-to-stay-safe-this-december#toc-the-consumer-threat-landscape) - [The organizational threat landscape](https://www.korahq.com/fr/blog/simple-cybersecurity-tips-to-stay-safe-this-december#toc-the-organizational-threat-landscape) - [Holiday cyber-defence: Best practices](https://www.korahq.com/fr/blog/simple-cybersecurity-tips-to-stay-safe-this-december#toc-holiday-cyber-defence:-best-practices) # Editor's note: ‍ This festive season is filled with celebrations and numerous activities, but it also presents one of the most attractive windows of opportunity for cybercriminals. People tend to relax their guard, teams operate with reduced capacity, and both consumers and businesses move faster than usual in an effort to keep up. This creates conditions in which attention is divided, making it easier to make small mistakes. Attackers understand this and the pattern shows in the data each year, with phishing attempts, fraudulent shopping sites, and account takeover attacks consistently increasing around major retail events, such as Black Friday and the end-of-year sales. [McAfee’s Global Holiday Shopping Scams Study in 2024](https://www.mcafee.com/en-us/consumer-corporate/newsroom/press-releases/2024/20241121.html) found that unsolicited Black Friday-themed scam emails surged by 495% between October and early November. Then, it was followed by a more than 300% increase in EOY-related scam emails, illustrating how attackers scale their activity precisely during these periods. These attacks rarely depend on sophisticated techniques. Instead, they succeed because of timing, arriving when people feel rushed, overloaded, or eager to clear their inboxes. Recognising how these seasonal dynamics shape behaviour is important for staying secure throughout the holiday period. ## **Why cyberattacks spike during the holiday season** The holiday season brings urgency and distraction, which makes people more likely to act first and question later. For example, when a shopper is faced with a limited-time offer or a business is processing a last-minute payment, speed often takes priority over scrutiny, allowing routine caution to slip. Attackers take advantage of it, knowing that teams are stretched thin, IT changes are often frozen, and unusual activity is less likely to be noticed. Combined with record levels of online spending, this creates an ideal window for fraud. For people, the fear of missing out can easily override good judgment. For businesses, the risk is operational, as activity that would stand out earlier in the year can blend into the background noise of December. If you recognise these seasonal patterns, it’s easier to spot risks before they turn into real incidents. ‍ ## **The consumer threat landscape** According to a [Norton](https://newsroom.gendigital.com/image/NCSIRHolidayGlobalReport2025.pdf) study, nearly half of consumers say they are willing to share personal information if it means receiving a discount, a behaviour that creates a wide opening for fraud during peak shopping periods. Here are the most common holiday scenarios and how they typically unfold: ### **1\. The "Too Good to Be True" Deal** If an offer looks too good to be true, it usually is. Late at night, while scrolling on your phone, you may suddenly find a sold-out item available at half price, complete with a countdown timer urging you to act fast. These offers often come from fraudulent websites built specifically for the holiday rush, designed to closely mimic legitimate retailers. Once you enter your payment details, fraudsters harvest your information and the site disappears shortly after. Slowing down can make all the difference. Check the website address carefully and navigate directly to the retailer’s official site instead of clicking ads or promotional links reduces risk. Legitimate retailers don’t rely on panic to close a sale, so if you’re being pressured into a purchase, it is often the first sign that something is wrong. ### **2\. The package delivery anxiety** During the holidays, delivery notifications multiply, and attackers know people are eager for reassurance that their purchases are on the way. A text message claiming a delivery failure or asking for a small rescheduling fee can feel believable, especially when several packages are already in transit. These messages often lead to credential-stealing pages designed to closely resemble well-known courier services, making them easy to trust at a glance. In the rush of the season, even tech-savvy users may click simply to clear the notification and move on. A safer approach is to ignore the link altogether and open the courier’s official app or the retailer’s website directly. Small habits like verifying delivery updates through trusted channels can prevent account exposure at a time when distractions are at their highest. ### **3\. Weaponising your goodwill** The season of giving is also the season of taking. December is the busiest month of the year for charitable donations, which makes it an attractive time for fraudsters. Attackers often create near-identical versions of legitimate nonprofit websites and pair them with emotional stories designed to encourage quick, impulsive donations. When generosity is combined with urgency, most people often skip verification. Before donating, confirm the charity through a trusted directory or contact the organization directly. Giving through official websites helps ensure your money reaches the right place and keeps your financial information secure. ### **4\. Phishing emails & impersonation** **‍** December is a peak period for account takeover attempts as people log in from new devices, travel more frequently, and connect through unfamiliar networks. In this context, an email from a bank or retailer asking you to verify your account can easily feel routine, especially after recent holiday purchases. Attackers carefully design these messages to mirror trusted institutions, relying on familiarity and distraction to prompt clicks. Checking the sender address closely often reveals subtle inconsistencies. If anything seems off, open a new browser window and visit the institution’s website directly instead of clicking the link. Enabling multifactor authentication a