CERT NZ: Kiwis lost $3 million in cyber security fraud in first quarter of 2021

There were six incidents involving losses of more than $100,000, says CERT NZ.
There were six incidents involving losses of more than $100,000, says CERT NZ. Photo credit: Getty Images

Kiwis lost $3 million in cyber security fraud in the first quarter of 2021 according to a new report from the New Zealand Government's cybersecurity agency CERT NZ.

The agency works to support businesses, organisations and individuals affected by cyber security fraud and it's revealed a 25 percent year-on-year increase in incidents to 1,431 from 1 January to 31 March. 

Almost a quarter of those reports resulted in direct financial losses, with phishing and credential harvesting remaining the most reported incidents, followed by scams and fraud.

"As we increasingly spend more of our lives online, attackers are constantly developing new and more sophisticated campaigns." said CERT NZ director Rob Pope.

"That’s why it’s really important to maintain good cyber habits. This can be as simple as implementing updates, having a long, strong password and using two-factor authentication."

The number of reports has actually fallen 18 percent from the last quarter of 2020, largely due to a 94 percent decrease in malware incidents with international agencies successfully dismantling the Emotet malware infrastructure, CERT said.

It also doesn't include the recent Waikato DHB ransomware attack, which occurred after the end of the quarter.

The most vulnerable Kiwis are in the 45 to 54 and 55 to 64 age bands, with 175 percent and 196 percent increases in total monetary losses respectively.

Those increases were due to a small number of incidents with exceptionally large loss amounts, including an incident with direct financial loss in excess of $500,000, the agency said.

There were six incidents in the quarter involving losses of more than $100,000, two of which involved unauthorised access and two were invoice scams. 

The report comes on the same day new precautions were put into place to keep Kiwis safe when they port mobile phone numbers, with all requests receiving an SMS message to confirm authenticity.

Number porting fraud has been relatively rare in Aotearoa but, because it can give hackers access to so much of the victim's online life, the impact can be huge with the average loss worth around $30,000.

Anyone can report a cyber security incident through CERT NZ's website, which also includes a number of hints and tips to remain safe online.