There will be no carnival: how scammers play on the theme of preparing for New Year's corporate parties
Experts have warned that fraudsters can use various deception schemes during the season of preparation for New Year's corporate parties. Such events are attractive to attackers because of the seasonal hype and tight deadlines, which force companies to make quick decisions. Read the Izvestia article for more on how scammers exploit the preparations for New Year's corporate parties, how dangerous their schemes are and how to protect yourself from them.
Why New Year's corporate parties interest scammers
New Year's corporate parties attract scammers because of the seasonal hype and tight deadlines, which force companies to make quick decisions, Konstantin Gorbunov, a leading expert on network threats and web developer at the Security Code company, said in an interview with Izvestia.
"Large event budgets involve significant one-time payments, and mass demand allows for the use of standard schemes," says the expert. "The emotional background of the pre-holiday preparation often reduces the rational assessment of risks."
Nikita Novikov, an expert on cybersecurity at Angara Security, agrees that preparing for corporate events is an ideal environment for scammers. As the specialist explains, the workload in companies is growing before the end of the calendar year, people are working hard, there is a lot of correspondence, contractors and quick approvals.
Any invoice, reservation, or urgent clarification looks natural, which is what the attackers use. They integrate into business correspondence, substitute banking details, send fake offers and receive money virtually out of the blue. This is one of those periods when social engineering works with maximum efficiency, Nikita Novikov emphasizes.
What corporate-party fraud schemes to expect in 2026
Fraud built around preparations for New Year's corporate parties is aimed at employees of all levels without exception, says Valeria Besedina, an analyst at the Positive Technologies research group. For example, ordinary employees may receive letters purporting to be from HR or the organizing committee, office administrators and HR staff may receive event-related messages and documents from external contractors, and finance staff may receive invoices for payment.
"As a result, this may lead to financial losses, data leakage, or infection with malicious software, which may provide an opportunity for further development of the attack and compromise of the organization," the Izvestia interlocutor notes.
According to Valeria Besedina, if business correspondence is compromised, cybercriminals can send phishing messages on behalf of an employee both inside that employee's own organization and outside it, to partner companies. According to the expert, such schemes are likely to involve massive use of deepfake technologies: scammers will simulate voice calls or video messages from a supervisor or HR with urgent instructions.
Such multi-channel deceptions (a letter plus a call or video) will create the illusion of complete authenticity and reduce the employee's critical perception. In addition, attackers will use artificial intelligence (AI) to clone the websites of existing contractor organizations for phishing. Thanks to the use of new technologies, such web pages will not differ from the original ones, Valeria Besedina predicts.
"Attackers can also use QR codes as attachments — they are not visually readable by humans, so they may not cause concern," the expert notes.
In 2026, we should expect targeted phishing, in which fraudsters send letters disguised as coming from well-known event agencies or prestigious venues, offering "exclusive" conditions and links to fake sites for data entry and prepayment, adds Konstantin Gorbunov. There will also be increased activity in messengers and social networks through clones of real contractor profiles, as well as one-day websites with attractive rental offers for non-existent venues.
What corporate-party fraud schemes have been seen before
In previous years, during the season of preparation for New Year's corporate events, fraudsters created websites that mimic the resources of real event management companies, says Evgeny Pankov, a data analyst at the Coordination Center for Domains .RU/.РФ, in an interview with Izvestia. From a fake domain, they sent out commercial offers to hold a corporate event at a favorable price, and after receiving an advance payment, they disappeared.
"The scammers also actively exploited the high seasonal demand: in December, many venues and event agencies were loaded, and company managers had to urgently look for alternative options," says the specialist. "Attackers used this by launching advertising campaigns of non-existent event companies and platforms."
In addition, according to Evgeny Pankov, there are cases of fake letters being sent on behalf of the management. In them, employees were invited to "get a ticket to a corporate party" or "vote for entertainment at the celebration." Clicking on links from such emails resulted in the theft of personal data, hacking of corporate accounts, or the installation of malware.
"The 'classics' of recent years are fake accounts on behalf of the site, catering company or contractor, malicious documents with macros, as well as fake websites for renting halls for prepayment," Nikita Novikov adds. "Hackers often hacked corporate emails and sent out payment clarifications or details from a real mailbox."
In addition, according to the expert, there were more mundane scenarios: collecting money for gifts, fake participation forms or lists of participants. It looks harmless, but the personal data of the employees goes to the scammers. The attackers also often used psychological pressure: they offered "last available dates" or "exclusive conditions" valid only until the end of the day, which forced victims to make hasty decisions without proper verification, Konstantin Gorbunov notes.
How to protect yourself from corporate fraud schemes
The main targets of fraudsters during the preparation for New Year's corporate events are the employees responsible for organizing them: secretaries, executive assistants and HR managers, says Konstantin Gorbunov. At the same time, it is mostly small and medium-sized business owners, who make decisions under the pressure of "unique" offers, that are vulnerable, since large companies have multi-stage controls, which reduces the likelihood of fraud.
"The danger is not only that you can lose money: correspondence, documents and personal data of employees are often 'stolen' in parallel," Nikita Novikov emphasizes. "And this is the basis for the next wave of attacks, more accurate, convincing and expensive for companies."
To protect yourself from attacks by scammers before the New Year, experts interviewed by Izvestia advise following a number of security rules. According to Dmitry Kiryushkin, head of BI.ZONE Digital Risk Protection, it is important to remain vigilant and pay attention to website addresses: a phishing resource may differ from the original one by just one character and at the same time completely mimic the interface of the site.
In addition, carefully check the information about the person you are talking to when communicating in messengers. If the account was created a few weeks or months ago, and the username was changed recently, you are most likely facing a fraudster. Sergey Polunin, head of the Gazinformservice IT Infrastructure Solutions Protection Group, adds that when preparing for corporate events, it is necessary to strictly check contractors. You can't be too vigilant here, so no payments via links or QR codes, mandatory verification of all banking details and, most importantly, separation of roles.
"An HR employee, say, should not be able to initiate a payment. For large companies that have been cooperating with event agencies for a long time, everything is somewhat simpler, since they have a specific manager's number with whom they have been working for many years, and the chance of getting caught is noticeably lower," the expert concludes.