Festive season cyberattacks offer a warning to businesses and why these trends matter for Q1

Each year, South Africa experiences a rise in cybercrime during the festive season. Although most public warnings focus on consumers, the underlying tactics are the same ones that drive many of the costliest business fraud incidents.

For organisations closing out the financial year, these seasonal patterns offer early insight into the risks that typically intensify in the first quarter.

SABRIC has noted increased activity involving phishing, impersonation and other deception-led methods, while banks have highlighted scams featuring urgent payment requests, spoofed communication and fraudulent changes to banking details.

These tactics are consistent with those used in business email compromise, supplier impersonation and payment-diversion attacks.

The festive period creates favourable conditions for criminal activity. High transaction volumes, hybrid work arrangements, and reduced oversight make it easier for attackers to test narratives and behaviours that prompt action.

During the holiday season, people tend to be less vigilant and more trusting, creating increased opportunities for criminals to exploit these behaviours.

By early in the new year, these refined techniques often appear in more targeted efforts against finance teams, executives, and supply-chain stakeholders.

Findings from the 2025 Cisco Cybersecurity Readiness Index further frame why these seasonal scam trends matter for South African businesses. Identity remains the country’s biggest cybersecurity challenge, with 38% of organisations identifying it as their top concern, yet only 7% have reached a mature level of identity readiness.

Meanwhile, many organisations continue to struggle to detect unusual or suspicious activity, even though identity behaviour analytics are critical for identifying anomalous requests and fraudulent payment activity. Compounding this issue, security teams are often overwhelmed by excessive alerts, making it difficult to prioritise genuine threats over false positives.

The Index also shows that South Africa’s Network Resilience maturity is slipping, and Cloud Reinforcement readiness remains low at just 4% Mature, widening the exposure to spoofing, unauthorised access and manipulated communication flows.

Hybrid work adds further pressure: employees now access corporate systems from an average of six networks per week, and 84% connect via unmanaged devices, increasing opportunities for criminals to insert themselves into business processes.

Globally, organisations are also reporting a rise in AI-enhanced social engineering, with 42% experiencing such attacks in the past year - a sign that scams are becoming more polished and more persuasive.

Taken together, these patterns suggest that festive-season scams should be viewed not as isolated consumer events but as a preview of the social-engineering techniques likely to target businesses in Q1.

Here are six ways businesses can prepare:

1. Strengthen verification for payments and supplier changes:Require out-of-band verification using trusted contacts for any changes to banking details or unusual payment requests, particularly during high-risk periods.
2. Define clear protocols for urgent or atypical requests:Criminals rely on creating urgency. Dual approvals, clear escalation paths, and built-in time buffers help prevent rushed or unverified decisions.
3. Train employees to recognise manipulation tactics:Staff in finance, HR, and executive support roles should be equipped to identify subtle red flags, including inconsistencies in tone, timing, sender identity, or request type.
4. Improve identity and access hygiene:Minimise dormant accounts, enforce strong authentication, and monitor for abnormal access patterns to reduce the impact of compromised credentials.
5. Focus on behavioural monitoring, not just devices:Many fraud attempts bypass traditional technical controls. Detecting anomalies such as unusual payment amounts, shifts in communication style, or irregular vendor activity strengthens fraud prevention.
6. Extend security standards to partners and suppliers:Attackers often target weaker links in the supply chain. Establishing clear verification and identity requirements across third parties reduces shared risk.

This is where correct use of AI can greatly help businesses.

AI helps businesses counter these risks by intelligently analysing behaviour across payments, identities, and communications to detect anomalies such as unusual requests, changed supplier details, or signs of manipulation.

It reduces alert fatigue by prioritising genuine threats, strengthens identity and access controls through real-time behavioural monitoring, and extends protection across partners and suppliers—enabling faster, more confident decisions and reduced fraud risk.

Festive-season scam trends offer valuable early intelligence for businesses.

They highlight the types of behaviour manipulation that will likely escalate in Q1 and expose gaps in identity, access and behavioural readiness that organisations can address now.

By taking these patterns seriously, companies enter the new year with stronger safeguards, clearer processes and a more resilient operating environment.

Ameera Cassoojee, Cybersecurity Sales Specialist at Cisco South Africa.

BUSINESS REPORT