New Year’s Resolutions Cybercriminals Are Making

January 28th, 2026
New Year’s Resolutions Cybercriminals Are Making

New Year’s Resolutions Cybercriminals Are Making (And How to Stay Off Their Radar)

While most of us start the year thinking about healthier habits and fresh goals, cybercriminals are doing a little planning of their own.

No vision boards. No gym memberships.
Just reviewing what worked last year—and figuring out how to do more of it.

And yes, small businesses are often part of that plan.

Not because you’re careless.
Because you’re busy.

Busy businesses move fast, trust their people, and don’t always have time to second-guess every email. That’s exactly what attackers look for.

The good news? Once you understand their playbook, it’s much easier to avoid becoming a target.

Resolution #1: “Make Phishing Emails Look Completely Normal”

The days of obvious scam emails are mostly gone.

Today’s phishing messages are often:

  • Well written
  • Familiar in tone
  • Timed perfectly
  • Referencing real vendors or coworkers

They’re designed to blend in, not stand out.

A modern phishing email might look like this:

“Hi Sarah, I tried sending the updated invoice but it bounced back. Can you confirm this is still the right email for accounting? I’ve attached the updated version. Thanks!”

Nothing dramatic. Nothing suspicious at first glance.

How to stay ahead:

  • Encourage your team to verify, not just react—especially for money or login requests
  • Use email filtering tools that flag impersonation attempts
  • Make it okay (and encouraged!) to double-check before responding

Asking questions isn’t being paranoid—it’s being professional.

Resolution #2: “Impersonate Vendors or Leadership”

This is one of the most convincing tactics we see.

A vendor emails about updated payment details.
A “CEO” texts asking for something urgent.
Sometimes it’s even a phone call that sounds eerily familiar.

These scams work because they feel routine—and they rely on urgency.

How to stay ahead:

  • Always verify banking or payment changes using a known phone number
  • Require confirmation for financial requests, even if they seem legitimate
  • Use multi-factor authentication (MFA) on financial and admin accounts

Simple checks can stop very expensive mistakes.

Resolution #3: “Focus More on Small Businesses”

Cybercriminals used to chase only big companies. But large organizations have improved security, making attacks harder and less profitable.

Small businesses, on the other hand:

  • Have valuable data
  • Handle real money
  • Often don’t have dedicated security teams

That doesn’t make you vulnerable—it just means basic protection goes a long way.

How to stay ahead:

  • Keep systems updated
  • Use MFA everywhere possible
  • Test your backups regularly

Most attackers aren’t looking for a challenge. If you’re not the easiest option, they usually move on.

Resolution #4: “Take Advantage of New Hires and Busy Seasons”

January brings new employees, tax prep, and full inboxes.

New hires want to help. They’re eager. And they don’t yet know what “normal” looks like in your organization.

Attackers know this.

Payroll scams and fake W-2 requests increase this time of year—and the damage can affect your entire team.

How to stay ahead:

  • Include security basics in onboarding
  • Create clear policies for payroll, W-2s, and payment requests
  • Praise employees who pause to verify requests

A quick phone call can prevent a long-term headache.

Prevention Is Always Easier Than Recovery

Cybersecurity really comes down to two paths:

React after something happens
OR
Put protections in place ahead of time

The second option is quieter, less stressful, and far more affordable.

Good security doesn’t mean living in fear. It means having systems in place that quietly do their job—so nothing dramatic happens.

How a Good IT Partner Helps

The right IT partner helps you:

  • Monitor systems around the clock
  • Strengthen access and login security
  • Train your team on today’s scams
  • Set up verification processes that prevent fraud
  • Ensure backups actually work
  • Patch vulnerabilities before they’re exploited

That’s prevention—not panic.

Let’s Make This a Quiet Year (In the Best Way)

Cybercriminals are hoping businesses stay distracted and unprepared.

Let’s prove them wrong.

Book a New Year Security Reality Check.
In just 15 minutes, we’ll walk through where you stand and what matters most—no jargon, no pressure.

If you are interested in hiring us to manage your IT infrastructure, please reach out to us here.