nzcompare awards   The peoples choice award voting is now open.
  • Home »
  • Blog
  • Christmas - 'Tis the Season for Cybercrime?

Christmas - 'Tis the Season for Cybercrime?

Important Article

The lead-up to Christmas is one of the busiest times of the year for retailers, couriers, and… cybercriminals. For Kiwis, there’s more online shopping, more digital communication, and more financial transactions happening in a short space of time, which means attackers see an opportunity and they take it.

It’s also the time of year when attention is at its lowest in NZ businesses. Staff are winding down, dreaming of the Kiwi summer, BBQs, and family time. Many businesses run reduced teams over the break, which means fewer people available to spot unusual activity, less time and bandwidth to be more skeptical or respond quickly when something looks off. All of this makes both organisations and individuals more susceptible to threats.

Whether you’re a business handling increased customer demand or taking a break over the Christmas period, or a consumer racing to finish your gift list, it’s worth taking a moment to tighten up your digital security.

What to Look Out For

While it’s not exactly festive, but Christmas is peak opportunity for attackers. Attention drops, urgency skyrockets, and online spending jumps significantly from November–January. That combination creates the perfect conditions for scams to thrive.

Fake Retail Sites

People spend more online during this period than any other time of year. More transactions mean more opportunities for phishing, card-skimming, fake retail sites, and payment fraud.

Urgent, too-good-to-be-true Sales

Tight deadlines and having to buy multiple gifts for Christmas all contributes to quick clicks and less scrutiny of bargains. Cybercriminals rely on this.

Courier-related Scams

With parcels flying everywhere, fake delivery updates become easier to disguise among the real ones, and you’re less likely to expect a scam, when you’ve actually got a delivery, or several, on the way.

Charity Scams

Attackers take advantage of the season of giving, spinning up fake donation pages and emotional appeals.

How Businesses Can Protect Themselves

1. Enable Multi-Factor Authentication (MFA) Everywhere

MFA blocks most account-takeover attempts, even if passwords are stolen in scams.

2. Review access and permissions before the break

Remove old accounts, limit admin roles, and ensure the right people have the right access while teams are reduced.

3. Patch and update before shutting down

Unpatched systems are one of the easiest entry points for attackers.

4. Improve email filtering

Flag impersonation attempts, suspicious attachments, and high-risk links before they reach staff inboxes.

5. Back up everything

Ransomware incidents spike over the holiday period. Verified, offline backups ensure you can recover quickly.

6. Educate staff about seasonal scams

Share real examples of courier scams, invoice fraud, and charity-based phishing. Awareness is powerful.

How Consumers Can Stay Safer Online

1. Check websites before entering card details

Look for HTTPS, legitimate URLs, clear contact information, and trustworthy payment options. It’s always worth doing a quick check of reviews through a google search too.

2. Be cautious of delivery texts and emails

If you weren’t expecting a parcel, don’t click. If you were, go directly to the courier’s official site or original confirmation email from the sender.

3. Use strong, unique passwords

A password manager helps keep everything secure and prevents a breach in one place from spreading.

4. Turn on MFA for banking, email, and key accounts

Even if someone gets your password, MFA can stop them.

5. Monitor your accounts

Although you don’t want to be trawling through your expenses over a big spending period - December and January are prime time for fraudulent charges. Regular checks help you spot anything suspicious early, even if the spending ends up being all yours (oops).

6. Be wary of charity appeals

Donate only through official websites or in-person appeals. Even if you’re in the giving spirit, you want it to be going to the right organisations.

Cybercrime over Christmas isn’t about fear, it’s about preparation. A few practical steps can significantly reduce risk for both businesses and individuals.

Let’s keep the silly season silly for the right reasons and not when talking your cybersecurity.

If you’re looking to strengthen your organisations’ or home security heading into the new year, our team is here to chat. Get in touch with us here.