CERT New Zealand's first quarter cyber security insights provided an overview of reports about cyber security incidents impacting New Zealanders from the 1st of January to the 31st of March 2023.
This quarter, CERT New Zealand responded to 1,968 incident reports about individuals and businesses from all over New Zealand. This report shares information about these incidents and highlights examples of work CERT New Zealand is doing to help. There are two parts to the report:
The report highlighted that the average number of incident reports per quarter was 2,191, and the average direct financial loss was $4.9 million. These figures are based on the previous eight quarters. For this quarter, $5.8 million in direct financial loss was reported in the first quarter of 2023, with 30 percent of incidents reporting a financial loss.
CERT New Zealand responded to 1,968 incidents in this quarter for 2023, up 12 percent from the fourth quarter of 2022. There was a 35 percent increase in unauthorised access from the fourth quarter of 2022 and a 66 percent increase in direct financial loss.
A new scamming technique has caught out many New Zealanders. Typically, scammers contact their target via a phishing email, text message, or even a phone call. Phishing remains the number one cyber incident reported to CERT New Zealand.
However, in 2023, new methodologies are being used that have people approaching scammers.
CERT New Zealand has seen scammers setting up malicious websites and using key search terms to ensure their website appears high in the results of search engines like Google. These websites usually mimic large organisations like banks, investment firms, or large exporters.
This has meant an individual search for an investment comparison website or a website to purchase and export certain products with top results containing malicious sites alongside legitimate sites, depending on the terms searched by the person, and serve as an initial point of contact between this person and the scammer.
The scammer creates another domain to make the email address or phone number look legitimate. When the scammer gets a phone number, the interactions often move to platforms such as WhatsApp.
During the contact phase, scammers may provide documents like investment comparisons or product catalogues. These documents look convincing and often include the branding of legitimate businesses and organisations.
Once people are convinced, they are given bank details to pay their 'investment' or the cost of the products they want to export.
Unfortunately, individuals may not realise this is a scam until the funds have been transferred and time has passed without further contact from the scammer. This is often too late for the banks to be able to recover funds.
In February 2023, CERT New Zealand was made aware of a significant investment scam where someone searching terms such as 'term deposit comparison nz' on Google would be shown a search page that included ads paid for by scammers and linked to fake websites.
For information on how to stay safe, please visit the CERT New Zealand website.
