Year-end: a peak period for cyber fraud – how to protect your SME
December 2025 - The end of the year is traditionally a period when cybercriminals are particularly active. Companies process more payments, the workload increases, and teams are less alert due to deadlines, vacation periods, and year-end closings. This makes December a perfect breeding ground for CEO fraud, phishing, and false payment requests. For SMEs, where financial processes are often monitored by a limited number of people, a single mistake can cause significant financial damage.
1. CEO fraud: one email can be enough
In CEO fraud, a scammer pretends to be a manager who urgently requests a payment. The message is often short, urgent, and time-sensitive. Think: “Transfer this urgently, I'm in a meeting.”
During the busy end-of-year period, employees are less likely to scrutinize the sender or content. Companies without clear authorization procedures are particularly at risk.
Prevention tips:
· Work with a fixed, strict payment flow: never make payments based on a single email.
· Always confirm new or urgent payment requests by telephone.
· Activate multi-factor authentication on all email accounts.
2. Phishing: a striking number of end-of-year campaigns
Cybercriminals capitalize on end-of-year themes: gift vouchers, parcel deliveries, unpaid invoices, supposed VAT reminders, etc. The emails or text messages appear more professional than ever and lead to fake websites that install malware or steal login details.
Prevention tips:
· Train employees not to open suspicious links and never to enter passwords via email.
· Use a spam filter and security tools that automatically block suspicious attachments.
· Limit employee access to accounts to what is strictly necessary.
3. Fake payment requests and IBAN fraud
A common technique at the end of December: fraudulent suppliers who claim that their account number has changed. Because many companies make a lot of payments around that time, the change is sometimes implemented without verification.
Prevention tips:
· Never change supplier details without verification by telephone via a known number.
· Store bank details centrally and only change them after double approval.
4. What preventive measures can you take as an entrepreneur?
In addition to vigilance, structural measures are essential:
· Ensure that everyone in the company is aware of what cyber fraud looks like.
· Create a checklist for payment verification, including double validation.
· Conduct periodic phishing tests to train employees.
· Keep software, browsers, and security systems up to date.
· Use a central password management tool with strong, unique passwords.
· Provide a clear internal protocol: what should an employee do when in doubt?
December is not only a peak month for commerce, but also for cybercriminals. Entrepreneurs who proactively focus on procedures, training, and digital security significantly reduce the risk of fraud. A little extra vigilance during this busy period can prevent thousands of dollars in damage.
