Cyber threats don’t take a holiday

By: Conrad Bell on Nov 23, 2022 3:09:24 PM

holiday 2022 security blog

Cyber threats are especially prevalent during the holiday season. Hackers know that most organizations operate on a skeleton crew during this time of the year. A 2021 report noted that major ransomware attacks “tend to occur on weekends and holidays when fewer staff are around to detect and respond to them.”

Explore C Spire's security services >>

During this holiday season, it's important to remain vigilant. Here are tactics to be specifically aware of:

MFA fatigue

Multi-factor authentication (MFA) has become so common that many individuals respond to authentication requests almost instinctively, without taking the time to confirm that a request is genuine. Imaginative hackers are capitalizing on this trend.

After stealing login credentials or buying it of the dark web, attackers are performing a form of social engineering to get around the protections of MFA. Here's how it works: The attacker repeatedly attempts to log in to a corporate network. This causes the targeted individual receiving a seemingly endless stream of requests to allow access on their mobile device. Ultimately, the targeted individual gets irritated and accidentally clicks the "Approve" button or simply accepts the MFA request to stop the continuous notifications.

This type of technique has proven to be very successful by threat actors this year. If you suspect you are a victim of this type of attack, changing your account password will prevent the ability to generate further MFA push notifications.

Explore data protection options from C Spire >>

Phishing emails and fraudulent websites

During the holidays there tends to be a surge of fraudulent websites created.  The goal is to entice a victim to the site to harvest credentials, credit card information, or possibly install malware. In the second quarter of 2022, the shipping company DHL was the third-most impersonated brand in phishing emails according to Check Point. FedEx, UPS, and other retailers have warned of similar fraudulent websites, which typically increase in frequency during the holiday season.

With this attack vector, an attacker warns the recipient of a supposed problem in delivering a package, directing the recipient to click on a malicious link where they are required to enter login or credit card information. Phishing emails — including those sent to personal email accounts but accessed on work devices — may also be used to plant malware on corporate systems. This tactic increases around major shopping days, such as Boxing Day and Black Friday, to achieve the same goals.

Conrad Bell is SVP & Chief Information Security Officer at C Spire.

Explore C Spire's security services >>



Topics: Cybersecurity

C Spire Business is a privately-held telecommunications and technology company driven to deliver the best experiences in wireless, fiber internet, and business IT solutions such as internet, VoIP, cloud and managed services. Read more news releases and announcements at For more information, visit or find us on Facebook, Twitter or Instagram.

The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter.

Sign up for our monthly newsletter.

For the latest in technology trends, industry news, and C Spire updates.

Recent Posts

Sign up for our monthly newsletter

For the latest in technology trends, industry news, and C Spire updates.