‘By taking these patterns seriously, companies enter the new year with stronger safeguards, clearer processes and a more resilient operating environment.’
Each year, South Africa experiences a rise in cybercrime during the festive season.
Although most public warnings focus on consumers, the underlying tactics are the same ones that drive many of the costliest business fraud incidents.
For organisations closing out the financial year, these seasonal patterns offer early insight into the risks that typically intensify in the first quarter.
Ameera Cassoojee, cybersecurity sales specialist at Cisco South Africa, said the South African Banking Risk Information Centre (SABRIC) has noted increased activity involving phishing, impersonation and other deception-led methods, while banks have highlighted scams featuring urgent payment requests, spoofed communication and fraudulent changes to banking details.
“These tactics are consistent with those used in business email compromise, supplier impersonation and payment-diversion attacks.”
ALSO READ: South Africa faces unprecedented cybercrime surge this festive season
Most criminals work during festive seasons
Cassoojee said the festive period creates favourable conditions for criminal activity.
“High transaction volumes, hybrid work arrangements, and reduced oversight make it easier for attackers to test narratives and behaviours that prompt action,” she said.
“During the holiday season, people tend to be less vigilant and more trusting, creating increased opportunities for criminals to exploit these behaviours. By early in the new year, these refined techniques often appear in more targeted efforts against finance teams, executives, and supply-chain stakeholders.”
What cybercriminals steal
She added that findings from the 2025 Cisco Cybersecurity Readiness Index further frame why these seasonal scam trends matter for South African businesses.
Cassoojee highlighted that Identity remains the country’s biggest cybersecurity challenge, with 38% of organisations identifying it as their top concern, yet only 7% have reached a mature level of identity readiness.
“Meanwhile, many organisations continue to struggle to detect unusual or suspicious activity, even though identity behaviour analytics are critical for identifying anomalous requests and fraudulent payment activity,” she said.
“Compounding this issue, security teams are often overwhelmed by excessive alerts, making it difficult to prioritise genuine threats over false positives.”
ALSO READ: Call centre scams threaten SA
Ways businesses can prepare
1. Strengthen verification for payments and supplier changes: Require out-of-band verification using trusted contacts for any changes to banking details or unusual payment requests, particularly during high-risk periods.
2. Define clear protocols for urgent or atypical requests: Criminals rely on creating urgency. Dual approvals, clear escalation paths, and built-in time buffers help prevent rushed or unverified decisions.
3. Train employees to recognise manipulation tactics: Staff in finance, HR, and executive support roles should be equipped to identify subtle red flags, including inconsistencies in tone, timing, sender identity, or request type.
4. Improve identity and access hygiene: Minimise dormant accounts, enforce strong authentication, and monitor for abnormal access patterns to reduce the impact of compromised credentials.
5. Focus on behavioural monitoring, not just devices: Many fraud attempts bypass traditional technical controls. Detecting anomalies such as unusual payment amounts, shifts in communication style, or irregular vendor activity strengthens fraud prevention.
6. Extend security standards to partners and suppliers: Attackers often target weaker links in the supply chain. Establishing clear verification and identity requirements across third parties reduces shared risk.
ALSO READ: SA prime targetfor cybercrime
Correct use of AI
Cassoojee said AI helps businesses counter these risks by intelligently analysing behaviour across payments, identities, and communications to detect anomalies, such as unusual requests, changes in supplier details, or signs of manipulation.
It reduces alert fatigue by prioritising genuine threats, strengthens identity and access controls through real-time behavioural monitoring, and extends protection across partners and suppliers, enabling faster, more confident decisions and reduced fraud risk.
“Festive-season scam trends offer valuable early intelligence for businesses. They highlight the types of behaviour manipulation that will likely escalate in Q1 and expose gaps in identity, access and behavioural readiness that organisations can address now,” she said.
“By taking these patterns seriously, companies enter the new year with stronger safeguards, clearer processes and a more resilient operating environment.”
NOW READ: Cybersecurity an ‘economic and safety imperative’
#ways #businesses #prepare #cyberattack
