Why Phishing Attacks Spike In August

You and your employees may be getting back from vacation, but cybercriminals never take a day off. In fact, phishing attempts are known to spike during the summer months—especially in August—when staff are less vigilant and distractions are at their highest. According to studies from security vendors like ProofPoint and Check Point, phishing threats targeting businesses actually increase in the late summer. Here’s how your NYC or Long Island business can stay alert and secure.

Why The Increased Risk?

Attackers are leveraging the seasonal rush and travel trends to their advantage. Check Point Research reports a 55% increase in new vacation-related domains in May 2025 compared to the same time last year. Out of over 39,000 domains registered, one in 21 was flagged as malicious or suspicious—many mimicking hotel, flight, or Airbnb booking platforms.

August also coincides with back-to-school season, which creates another phishing opportunity. Hackers impersonate universities or student portals, targeting students, faculty, or even parents. Even if your business isn’t in education, employees could unknowingly click malicious links in personal e-mails while using work devices—giving hackers a potential entry point into your business network.

How To Protect Your Business From Summer Phishing Threats

Watch for smarter phishing e-mails.
AI tools are now being used to generate realistic, error-free phishing e-mails that appear convincing. Don’t just look for misspellings—check sender addresses and URLs too.

Double-check links before clicking.
Be wary of suspicious domain endings like .info, .today, or slight misspellings in company names. These are often used in scam attempts.

Avoid clicking—go direct.
Instead of clicking links in e-mails or texts, search for the official website directly in your browser to ensure authenticity.

Enable Multifactor Authentication (MFA).

MFA adds a critical layer of protection—even if your credentials are stolen, hackers won’t get in without the second authentication step. Prioritize app-based MFA or security keys over SMS-based versions.

Be cautious with public WiFi.

If you’re working from a coffee shop, airport, or hotel, use a VPN to encrypt your connection and avoid accessing sensitive information over open networks.

Keep personal accounts off company devices.

Accessing Gmail, Facebook, or shopping sites from a work computer increases the risk of exposure. Train your employees to keep personal and business accounts separate.

Talk to your MSP about endpoint security.

Endpoint Detection and Response (EDR) software actively monitors your business’s computers and devices for malicious behavior. It can block phishing attempts and alert your IT provider in real time if something slips through.

Stay Ahead of Phishing Season

Phishing attacks are becoming more sophisticated every day, and the use of AI only accelerates their evolution. With so many personal and professional distractions during August, your team’s awareness is your first line of defense.

Don’t let your guard down during vacation season. Get ahead of the threat with proactive employee training, strong MFA policies, and modern endpoint protection tools.

Start the season secure. Book your FREE Cybersecurity Assessment today.