Blog

New Year's Resolutions for Cybercriminals (Spoiler: You're on the List)

Written by Connections for Business | Jan 26, 2026 1:30:00 PM

Somewhere out there, a cybercriminal is making New Year’s resolutions.

They’re not dreaming of more “self-care” or better work-life balance.

They’re planning how to steal more in 2026. And small businesses like yours? You’re their favorite target.

Why? Because you’re not careless—you’re just busy. And hackers love busy.

Here’s what they’re planning this year—and how to ruin it for them.

Resolution #1: “Send Better Scam Emails”

Gone are the days of shady emails with bad grammar and fake lottery wins.

Today’s phishing emails are scary-good. Thanks to AI, they:

  • Sound totally normal
  • Use your company’s language
  • Mention vendors you actually use
  • Skip the obvious red flags

They don’t need typos. They need timing—and January is perfect. Everyone’s catching up, inboxes are overflowing, and mistakes happen.

What a modern scam email looks like:

“Hi [Your Name], I sent an updated invoice, but it bounced. Can you confirm this is the right email for accounting? Here’s the new version—let me know if you have questions.”

Looks real, right? That’s the point.

Your move:

  • Teach your team to verify, not assume. Any email involving money or passwords gets double-checked through another method (like a call).
  • Use smart email filters that catch impersonators, even if the email looks normal.
  • Celebrate caution. If someone double-checks something sketchy, high-five them. Don’t call them paranoid.

Resolution #2: “Pretend to Be Your Vendor or Your Boss”

This one’s sneaky—and it works.

A “vendor” sends new bank info:

“Use this account going forward.”

Or your “CEO” texts your bookkeeper:

“Urgent. Wire this now. I’m in a meeting.”

Sometimes, it's not even a message—it’s a fake voice. Yes, deepfakes can now copy someone’s voice from YouTube or a voicemail.

So if “your boss” calls asking for a quick favor? It might not be them.

Your move:

  • Always call to confirm bank changes—using a number you already know, not one in the email.
  • No money moves without voice confirmation through a trusted channel.
  • Turn on multi-factor authentication (MFA) for every finance and admin account.

Resolution #3: “Go After Small Businesses More”

Big companies have security teams, strict rules, and expensive insurance.

So cybercriminals said: “Forget that.”

Instead of chasing one huge payday, they hit 100 small businesses for $50K each. Less risk. Easier targets.

They know small businesses:

  • Don’t have full-time security staff
  • Think “we’re too small to be targeted”
  • Are running in a dozen directions at once

That belief—“we’re too small to hack”—is exactly what they’re counting on.

Your move:

  • Do the basics: MFA, updates, tested backups. These make you way harder to hit.
  • Drop the “we’re too small” excuse. It’s not true—and it won’t protect you.
  • Get real help. You don’t need a massive security team, just a smart partner.

Resolution #4: “Exploit New Hires and Tax Season”

January means new employees—and attackers love new employees.

Why?

  • They want to be helpful.
  • They don’t know what’s normal yet.
  • They’re easy to trick.

Also coming soon: tax scams. One email pretending to be your HR manager and suddenly every employee’s W-2 is stolen.

That means hackers now have your people’s Social Security numbers, addresses, and salaries—and they’ll use them to file fake tax returns before your staff can.

Your move:

  • Train new hires early. Before they even get email access.
  • Make clear rules: “We never send W-2s by email.” “Always call to verify payment requests.”
  • Praise employees who double-check weird requests. Paranoia = protection.

Prevention Beats Recovery Every Time

When it comes to cybersecurity, you’ve got two options:

Option A: React after a disaster.

  • Pay the ransom
  • Call emergency IT help
  • Alert your customers
  • Try to rebuild your systems
  • Damage your reputation

Cost: Tens or hundreds of thousands
Time: Weeks or months
Vibes: Not great

Option B: Stop the disaster before it happens.

  • Train your team
  • Lock down access
  • Monitor your systems
  • Set up smart rules and tools

Cost: Way less
Time: Ongoing in the background
Vibes: Peaceful and boring (which is perfect)

How to Ruin a Hacker’s Year

A good IT partner keeps you off their “easy win” list by:

  • Watching your systems 24/7 for trouble
  • Locking down access so one stolen password doesn’t open everything
  • Training your staff to spot the smart scams
  • Requiring verification before any money moves
  • Testing backups so even ransomware doesn’t stop your business
  • Patching holes before hackers find them

That’s not fighting fires. That’s fireproofing.

Don’t Be Part of Their 2026 Success Story

Cybercriminals are planning their big year.

They’re betting you’ll be too busy, too small, or too disorganized to stop them.

Let’s prove them wrong.

Book a New Year Security Reality Check

In just 15 minutes, we’ll:

  • Spot your weak points
  • Show you what matters most
  • Give you a simple plan to stop being an easy target

No tech-speak. No pressure. Just real answers.

👉 Book your 15-minute New Year Security Reality Check here

Because the best New Year's resolution is making sure you’re not on someone else’s.
View full post