When schools break up and inboxes go quiet, cyber criminals get loud. The half-term holiday is a prime time for spoofing, phishing and vishing attacks!
This threat is heightened due to the increase of a ‘relaxed’ working culture, where staff are accessing work emails on their phones at any time of the day. In addition to this, there is a concerning number of workers who don’t have MFA implemented on their work nor personal devices.
Whether you are a business owner or a team member, making yourself aware of the common tactics that cyber criminals use is the first step in keeping you secure.
The rise in half term cybercrime
According to recent cybersecurity reports:
- Phishing remains the #1 attack vector, responsible for 31% of all breaches in 2025 so far.
- Cyber attacks have increased by 18% globally in Q1 2025 compared to the same period in 2024.
- The volume of phishing attacks has skyrocketed by over 4,000% since 2022, with AI-generated spoofing emails becoming more convincing than ever.
- The average cost of a phishing breach is now estimated at £3.63million.
These attacks often spike during holidays, when fewer staff are monitoring systems and decision-makers are harder to reach.
Common spoofing tactics
We got together with our team to discuss some of the recent spoofing tactics that they have witnessed the last few half terms:
Example one: fake CEO payment request
From: mbceo@csgrp.uk
Subject: Urgent payment needed
“Hi, I need you to process a wire transfer of £8,500 to a new supplier today. I’m in meetings all day—just get it done and send me the confirmation.”
Red flag: unusual urgency, new payment details and no secondary verification.
Example two: spoofed IT support
From: support@csgrp-it.co.uk
Subject: Password expiry notice
“Your password will expire in 24 hours. Click here to reset it now.”
Red flag: slightly altered domain name, pressure to act quickly and a suspicious link.
How to stay secure this half term
When you partner with CSG, your security never takes a holiday. Here’s how you can enjoy your break without falling victim to cybercrime:
1. Don’t act on emails alone
Always verify payment or sensitive requests through a second channel, like a phone call or secure messaging app.
2. Have controls in place
Use tools like Microsoft 365 Business Premium to:
- Block spoofed emails
- Enforce multi-factor authentication
- Monitor for suspicious login attempts
3. Review your security setup
Get your cube security system or endpoint protection reviewed before the break. Ensure alerts are routed to someone available during the holiday.
4. Train your team
Run a quick refresher on how to spot phishing, vishing, and social engineering attempts. We can help you support your team with cyber awareness through our engaging training programs designed to educate and empower employees.
5. Be cautious on social media
Cybercriminals often use social media to gather intel. Avoid posting travel plans or out-of-office details publicly.
Enjoy your holiday worry-free
With the right tools and awareness, you can relax knowing your business is protected. Let CSG, Microsoft 365 Business Premium, and Copilot help you stay one step ahead of cyber threats this half term.
References
Cybersecurity Attacks Statistics 2025: Trends, Costs, Implications – SQ …sqmagazine.co.uk2
2hishing Trends Report (Updated for 2025) – Hoxhunt hoxhunt.com – latest statistics on spoofing and phishing attacks increase during holidays 2024 2025
