Written by Dr Rebecca Hoile
Published on November 4, 2025

November has become the most digitally exposed period of the year for Australian organisations. Online purchasing spikes, promotional campaigns intensify and supply chains accelerate ahead of the holiday season. The workforce is stretched, decision fatigue sets in and temporary staff join with limited training. Threat actors exploit this exact moment. November is no longer just a busy commercial month; it is peak attack season.
Cyberattacks now target people and identities, not networks
Attackers aren’t breaking into systems; they’re breaking into trust. Rather than exploiting firewalls, they compromise identities and credentials through Microsoft 365 sessions, SaaS platforms, logistics portals and supplier accounts. In retail and e-commerce this can mean orders are silently diverted or supplier payment details changed; logistics providers are targeted because access to a freight platform gives attackers control of stock movement. Aged-care and healthcare providers are especially exposed because patient scheduling, medication systems and clinical records must remain available, making these organisations high-value extortion targets. In November, urgency and volume mask anomalies that would normally be questioned.
Generative AI has removed the “gut instinct” filter. Deepfake voice approvals now impersonate CEOs requesting urgent transfers, and fake invoices are generated automatically using accurate contract data scraped from emails. Retail customer teams receive highly personalised refund scams that convincingly mimic legitimate customers, while financial services and fintechs are encountering deepfake identity documents used to bypass verification. These attacks succeed because they sound and look familiar, particularly during the high-pressure decision windows of November.
Disinformation and charity scams are now commercial weapons
Disinformation campaigns have evolved into commercial and social-manipulation tools, and charitable giving is now being weaponised. Criminal networks deploy synthetic reviews, coordinated negative posts and fake donation pages or spoofed NGO social accounts to harvest payments and personal data. During November, when consumer generosity and corporate giving accelerate, fake charity appeals, complete with realistic-looking websites and donation forms, can siphon funds and expose donor identities. Retailers, hospitality operators and charities themselves can suffer reputational harm when bogus appeals are amplified across social channels, eroding trust and diverting legitimate support.
Supply chain fragility magnifies every digital incident
Freight congestion, extreme weather and global trade disruption already strain supply chains. Layer a cyber incident or fraudulent diversion on top of that and the impact compounds. A single compromised logistics partner can cascade into delayed deliveries, stock shortages and viral customer complaints. Supply chain fragility magnifies every digital incident. Healthcare and aged-care services, which rely on just-in-time delivery of pharmaceuticals and clinical consumables, are especially vulnerable. Telecom and technology providers remain high-value targets as custodians of customer identity and payment data. In this environment, cyber resilience is inseparable from supply-chain resilience.
Three actions to take to prepare
Attackers are exploiting urgency, trust and distraction. Preparedness is your differentiator.