New CERT NZ report says cyber incidents are down, but financial losses are up

CERT NZ report on scams
The agency has been working with other organisations to combat the scams. Photo credit: Getty Images

The number of incidents reported to the Government's cyber security agency has dropped in the second quarter of 2022, but the financial losses are continuing to mount.

CERT NZ's Cyber Security Insights 2022 report for Q2 showed there were 2001 incident reports between April and June, 14 percent down on Q1.

However direct financial losses due to the incidents were up to $3.9 million, with 32 percent reporting a loss of more than $1000.

CERT NZ said that was down to a recent spate of targeted phone-spoofing scams along with a rise in romance scams.

The agency said it had been working with telecom providers, financial institutions and other organisations and agencies, such as the Department of Internal Affairs, to combat the scams.

CERT NZ Director Rob Pope said collaboration and knowledge sharing was important in order New Zealanders could better protect themselves and be more secure online.

"Collaborating meant we could better understand the technology behind the scams and how to help stop them, as well as developing clear and consistent advice for banking customers," Pope said.

"The more information and insights we have, the stronger our advice and mitigations are."

The phone-spoofing scam calls are largely where attackers pretend to be from a bank and try to trick recipients into sharing financial information, giving access to their bank accounts or allowing remote access to their computers.

CERT NZ said in these calls, 'phone spoofing' software is used to change the actual phone number of the scammer to that of another number, like the bank.

The agency said New Zealanders are losing large sums of money to these types of scams, with some recipients experiencing these incidents more than once.

"This happens when scammers call back, pretending to be from the bank and offering help to recover from the previous scam," it said.

In Q2 there were 500 incidents about scams and fraud, with 92 percent about individuals - with a total loss of $3.2 million to New Zealanders. 

'Buying and selling of goods online' was the most reported scam and fraud category, but 'dating and romance scams' was second, with this category steadily increasing over the last year.

In the latter, scammers use dating websites and apps or social media to build a relationship with someone and once they've  gained trust ask for money, gifts or personal details.

"More recently, CERT NZ has seen reports where romance scammers are building trust to try and trick the individual to buy into crypto investment scams. The scammers often use fake profiles to make it harder to track them down," the agency said.

Technological solutions to these types of cyber security incidents can help, but people taking action is also key, Pope said.

That includes enabling two-factor authentication (2FA) on accounts and never providing financial information over the phone. All incidents should be reported, too.

"By reporting cyber security incidents to CERT NZ, New Zealanders are helping others from being impacted by giving us the indicators and understanding of how these attackers are working," Pope said.

"This means we can work collectively with our partner organisations to reduce these harms and raise awareness of cyber security threats.

"Being a cyber resilient Aotearoa isn't just about tech solutions, it's about making sure everyone has the basic tools at their disposal to be secure online," Pope said.