Reported cyber scams and fraud incidents skyrocket in new report

A new report into cyber security threats affecting New Zealand has revealed a 90 percent increase in reported cyber scam and fraud incidents.

Kiwis are facing an onslaught of scams, phishing attempts and other security threats according to a report by CERT NZ, which found there were a record 870 cyber security incidents between July 1 and September 30.

That's an increase of 18 percent from the previous quarter this year.

Reported cyber scams and fraud incidents skyrocket in new report

A significant part of that increase came from reported scam and fraud incidents, which skyrocketed by 90 percent this quarter to 198 from 104 last quarter.

"Webcam blackmail and payment scams made the largest contributions to this increase," said CERT NZ.

"The payment scams are mainly scammers using fake invoice emails, or compromising email accounts to change bank account details in invoices, to divert money to accounts controlled by scammers."

Reported cyber scams and fraud incidents skyrocket in new report

But credential harvesting and phishing, where people use fraudulent means to obtain sensitive information by posing as a trustworthy entity, continue to make up the majority of reported incidents, with 468.

That's hurting Kiwis in the wallet, with direct financial losses incurred in the quarter - up 35 percent to $2.99 million from roughly $2.2 million last quarter.

Reported cyber scams and fraud incidents skyrocket in new report

"Attackers used a range of techniques from 'spoofing' email addresses to trick recipients into thinking it was from a legitimate source, to full takeover of email accounts to do things like change bank details in invoices," said CERT NZ.

Of the nearly $3 million reported in losses, 46 percent were incurred by organisations and 54 percent by individuals. Nine incidents involved losses of more than $100,000.

The last quarter of 2017, however, still had the highest direct financial loss, with $3.4 million.

A breakdown of the incidents show 341 were reported about individuals, with the 65-year-old and over age bracket seeing the highest level of reports.

But it's not just New Zealand's nanas and poppas at risk - 529 of the reported incidents were about organisations.

It also isn't only the main centres seeing increased cyber security threats, with all regions across New Zealand, except for Gisborne, Canterbury and Tasman, seeing jumps.

Aucklanders reported 509 incidents, followed by 76 in Wellington. Gisborne locals reported no incidents, while 113 had no location provided.

Organisations most heavily targeted are those in the financial and insurance, and technology sectors.

One large New Zealand business had its emailing marketing account compromised due to a weak password an attacker easily guessed. While an employee quickly discovered the breach before any financial transactions were made, CERT NZ recommends strong, unquiet passwords wherever possible.

"We know from in-depth analysis of the reports we receive, combined with information from international partners and global threat insights, that it's getting the basics right that will help Kiwis stay safe online," said CERT NZ director Rob Pope.

"Online security can seem complicated, but the evidence we have shows that most incidents can be prevented by taking simple steps."

Of the 870 incidents reports, 711 were responded to by CERT NZ, 157 were referred to police, 1 was referred to Netsafe, and another to the Department of Internal Affairs.

An additional 135 incidents were directed to other agencies for not falling within CERT NZ's scope.