What’s Behind August’s Phishing Uptick?

Just Because You’re on Vacation Doesn’t Mean Hackers Are. While your team may be easing back into work after time off, cybercriminals remain active throughout the year, with August being a peak period for phishing scams. In fact, data shown in studies from vendors ProofPoint and Check Point indicate that phishing attempts actually spike in the summer months. As inboxes overflow and routines shift, attackers see an opportunity — and they’re ready to take it. Here's how to stay vigilant and secure.

Why Is The Risk Higher?

Cybercriminals are capitalizing on your summer travel plans by mimicking popular hotel and Airbnb sites, according to Check Point Research. They’ve identified a significant rise in threats targeting the travel industry, with a 55% surge in new vacation-related website domains in May 2025 compared to the previous year. Out of more than 39,000 newly registered domains, one in every 21 was marked as either suspicious or malicious.

As the summer comes to an end and schools gear up for a new term, phishing attempts also rise, with cybercriminals posing as university emails to target students and staff. Although these attacks may not seem directly relevant to your business, it’s possible that employees checking their personal email on work devices could unintentionally open the door for hackers. A single mistaken click is all it takes for cybercriminals to breach your business's security.

How You Can Protect Yourself

Artificial intelligence is improving business efficiency and cybersecurity — but it’s also helping scammers create more believable phishing attempts. That’s why staying alert and training your team to recognize warning signs is more important than ever.

Smart habits to help reduce your risk:

• Be Cautious with Suspicious e-mails. Don't rely solely on spotting spelling mistakes or awkward grammar — attackers now use AI to craft emails that look polished and professional. Instead, take a closer look at the sender’s email address and any visible links. If anything seems slightly off or unexpected, it’s worth double-checking before you click.
• Always verify web addresses. Look closely for slight spelling errors in links or uncommon domain extensions, like .today or .info — these are often signs of phishing sites designed to trick users. Malicious actors frequently use these unusual domains to bypass detection.
• Go straight to the source. Instead of clicking on links in emails or messages, type the website’s address directly into your browser or use a trusted search engine to find it yourself. This reduces the risk of landing on a fake or malicious site.
• Turn on Multifactor Authentication (MFA). Enabling MFA adds an extra layer of security to your accounts. Even if someone manages to get your password, they won’t be able to log in without the second verification step — helping keep sensitive company data out of the wrong hands.
• Use caution on public WiFi. If connecting to public networks is necessary, protect your sensitive data—like login credentials or financial information—by using a VPN to create a secure, encrypted connection.
• Avoid checking personal e-mail on work devices. Using company equipment to access personal e-mails, messaging, or social media accounts raises security risks. Keep your personal accounts separate by using personal devices for personal matters and company devices strictly for work.
• Inquire with your MSP about endpoint security. Endpoint detection and response (EDR) tools can keep an eye on your desktops and mobile devices, identify and block phishing attacks and harmful downloads, and notify your MSP right away if a breach occurs, significantly reducing the risk of data exposure.

Phishing attacks are evolving rapidly, and AI is accelerating this trend. To combat this, it's crucial to ensure your team is aware of the risks—being informed is your strongest defense against phishing. Stay vigilant and protect your business!

Kick off the season with security—schedule your FREE IT Systems Assessment now.