December and January are busy for attackers: staff are away, approvals are rushed, and people check email on the move. Here are five trends worth knowing about right now, with simple steps you can take to forewarn your customers.
1) More attempts, moving faster
National reporting keeps climbing. The ACSC logged 42,500+ calls to the Cyber Security Hotline in FY24–25, up 16% year on year, alongside more incident responses and warnings. Expect more noise while teams are thin on the ground. (ACSC Annual Reporting, FY24–25)
What customers can do now: any clients still relying on the native protection in Microsoft 365 or Google, should add a specialist email security layer that looks at context and intent, not just links and attachments. MailGuard’s AI models are built to spot fast-moving phishing before anyone clicks.
2) BEC is still the big money drain
The FBI’s IC3 puts internet-crime losses above US$16B last year. Business Email Compromise (BEC) remains one of the costliest categories, with multi-billion dollar losses and tens of thousands of cases. Holiday periods are prime time for fake payment-change requests. (FBI IC3)
What customers can do now: agree a two-step payment-change process with finance teams. Pair it with MailGuard to pick up look-alike domains, spoofed threads and language patterns that signal BEC.
3) People decide in seconds
Verizon’s DBIR shows the median time to fall for a phish is under 60 seconds. On mobile, that window can be even shorter, exactly how most people check email during the break. (Verizon DBIR)
What customers can do now: focus on time. Use automated detection to shrink the exposure window, then run short reminders and awareness exercises for teams about seasonal lures (delivery notices, urgent invoices, MFA resets).
4) Human error shows up in local breach stats
The OAIC’s latest half-year data has human error at ~37% of reported breaches (up from ~29%). Mis-addressed messages and mishandled attachments spike when people are rushing. (OAIC NDB)
What customers can do now: remove as many risky emails as possible before they hit inboxes. MailGuard filters out high-risk messages so staff see fewer traps, and are less prone to curious clicks in the holidays.
5) Incidents are frequent and costly in Australia
ASD/ACSC still sees roughly one cyber report every six minutes, with average business losses per incident rising. Holiday downtime doesn’t slow adversaries. (ASD/ReportCyber)
What customers can do now: set a light “holiday posture”: tighten payment approvals, review forwarding rules, and lift monitoring for finance and exec mailboxes. Run a holiday period review and share the results and recommendations in January: prevented BEC attempts, sensible policy tweaks, and more.
How MailGuard helps over the break
- 24/7 support: team of experts, here when you (and your customers) need them.
- Stops more of the convincing stuff: MailGuard AI/ML analyses intent and business context, not just obvious indicators.
- Buys back time: risky emails are analysed and blocked in real time, shrinking the exposure window when teams are thin.
- Gives leaders peace of mind: stopping advanced threats hours (sometimes months) before Microsoft and other vendors, with clear reporting for IT and exec teams to remediate threats, MailGuard provides reassurance that an additional layer of specialist AI threat protection is in place to secure inboxes.
Keeping Businesses Safe and Secure
Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.
No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a specialist AI-powered email threat detection solution like MailGuard.
For a few dollars per staff member per month, businesses are protected by MailGuard's specialist, AI-powered zero-day email security. Special Ops for when speed matters! Our real-time zero-day, email threat detection amplifies your client’s intelligence, knowledge, security and defence.
MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your clients today to ensure they’re prepared and get in touch with our team to discuss fortifying your client’s cyber resilience.
Talk to us
MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
