Staying Cyber-Safe this Holiday Season
By Jennifer Yeagley
November 25, 2025

Happy Holidays!  Did you know that the time between Thanksgiving and Christmas is the prime time for cyber-criminals?  You’re busy and stressed with holiday preparations, end-of-year tasks, illnesses, weather.  All act on you to lower your defenses and let cyber-criminals in your system.  To help keep you cyber-safe this year, here are 5 tips to help you focus your defense strategies.

1. Do not trust your email!

You know that your inbox is full the rest of the year, but at holiday time, it explodes.  Phishing scams run rampant during this time because you’re less likely to catch the small stuff that signals a fake email or link.  Stay vigilant and meticulously review all senders and links to ensure authenticity.  Also know that a trusted contact might have been attacked, and that weird looking link they sent was a way to continue the attack.  Even large companies are putting out notices that their customers are likely to be taken advantage of if not diligent in checking the details.

• Microsoft put out a warning regarding messaging using “rn” instead of an “m” in @microsoft.com. https://cybersecuritynews.com/microsoft-phishing-replace-m-with-rn/  Additional problems may be in store for Windows 10 users as automatic security patching and updating ended on October 14.
• Amazon has warned its over 300 million users that they should be wary of fake delivery notifications, deceptive ads, fake tech or customer service calls, and suspicious links sent via email. You should also look for similar letter substitution tricks as with Microsoft.  Links like arnazon.com, amazzon.com, and AMAZ0N.COM start easily tricking people.  Amazon account attackers warning: Amazon alerts over 300 million users to rising scams and cyberattacks; here is how to avoid falling for new scam tactics
• Generally, anyone can make a fake ad and get the clicks. In the first 2 weeks of November alone, there were over 146,000 unique spam messages found to be using Black Friday sales as part of the phishing campaign. Threat Actors Exploiting Black Friday Shopping Hype – 2+ Million Attacks Recorded
• No one is immune. We, along with most of our clients, have experienced some sort of phishing attempt this month.  Phishing emails get through all the time and are being helped to look more real by AI.  The best way to help yourself, your company, and the data you protect is to be well trained and vigilant.  If you think you may be compromised, change your password and MFA, then call for additional support.

2. Monitor your financials!

The average person spends more during the holidays than most times throughout the year, and sometimes it is difficult to remember every purchase.  Craft shows, pop up booths, and online purchases may be a little harder to trace as they are not your usual store.  Businesses also deal with this kind of purchasing but add in weather-related spending and end-of-year project spending.  Cyber-criminals can try to slip charges onto compromised accounts, take over accounts, or compromise banking logins with great effect.  Monitor your accounts and consider freezing your personal credit.  How to place or lift a security freeze on your credit report | USAGov

3. Be careful of equipment usage!

Everyone should be looking to minimize risks for cyber-attacks, but common practices tend to be overlooked, especially during the holidays.

• Avoid using open internet options. Places like McDonalds, the mall, or even your place of employment may have password free options for internet.  This unprotected access can be a way for cyber-criminals to gain access to your data.  Hackers can set up their own networks to directly gain your data or may use some sort of packet skimming or other attack type to collect your data.
• Businesses often have computer usage policies that are ignored during the holidays. I have seen way too many of my coworkers hop online on Cyber-Monday to get the hourly deals they just wouldn’t get by waiting until the end of the day.  Side point – Your internet will slow down on the Monday after Thanksgiving.  It happens every year, and it comes from the amount of shopping traffic.  Remember that the policies are in place to protect the business network.  Do not use the business network or computers to do your shopping, no matter how much you want to!  Clicking on the wrong link can truly take down your entire network.

4. Evaluate your response plans! All businesses should have an emergency response plan that is regularly updated and practiced throughout the year.  However, if the plan relies on Bob, Bill, and Betty all being at their jobs, what happens when the holiday skeleton crew is in place?  If your key players go on vacation, does the rest of your team have the right information to move the plan along?  Cyberattacks are unique and often rely on specific actions from people with protected access.  Having contingency plans during heavy vacation times is important.

5. Lean into your protective policies! All businesses have policies to protect themselves from fraud.  With the stress of the season, it is common for policies to go by the wayside.

• Training is not optional. Every business should have ongoing cyber-safety training.  One place I worked would have training goals for each month of the year.  You would be in massive trouble for not hitting it in March, but without fail December training would be postponed every year.  If the attacks increase during this time, failing to highlight training can be catastrophic.
• Financial policies and procedures should be followed to the letter. Our business has been unsuccessfully attacked for payroll processing information and fake payments.  We are only 2 people, so it is easy to see right through those attacks.  With 10, 20, 50 people working for or with you, do you have controls in place to make sure you won’t be the victim of a successful attack?

Don’t make the season merry for the cyber-criminals.  Be smart, be watchful, and outmaneuver cyberattacks.  We at Eagle Secure Solutions hope that you and yours have a restful, merry, and cyber-safe holiday season!