Story image

Stairway to hell: Scams, ransomware, and $6.5m gone from Kiwis' pockets

05 Sep 2019
Twitter
Facebook

In just a three month period this year, New Zealanders reported more than 1000 cybersecurity incidents and financial losses of $6.5 million to CERT NZ.

CERT NZ today published figures from the April-June Quarterly Report. Of the 1197 incidents reported, the top two incident categories included 458 related to scams and fraud, while 404 related to phishing and credential harvesting.

Scam and fraud reports included a combination of extortion and blackmail scams, online shopping (buying or selling goods), tech scam phone calls, and unauthorised money transfers. In total, scam and fraud caused almost $6 million in financial losses.

“It’s evident that cyber incidents can result in financial loss, however losing money is not the only impact businesses and individuals experience. Cyber incidents can also result in other types of loss like data, reputational and operational,” says CERT NZ Director Rob Pope.

The report calls attention to the rising number of online shopping scams. These scams can operate through social media, scam websites, and even genuine auction sites.

The report notes: “In one case, an online shopper reported a fake website that was posing as a reseller of an international clothing brand.”

“The shopper was close to completing their transaction when they realised that the website URL didn’t use HTTPS and decided to contact the site first to check it was legitimate.”

“The website didn’t have any contact information listed so they reported it to CERT NZ. We were able to quickly identify it was a scam website, and worked with the hosting provider to have the site taken down, protecting other shoppers from the scam.”

Ransomware also reared its head again with a 38% increase in attacks since the previous quarter.  Since CERT NZ’s launch in 2017, it has received 160 ransomware attack reports, of which 70% involved some type of loss.

These include ransomware attacks against individuals (7 reports) and businesses (15 reports). CERT NZ strongly advises against paying ransom demands.

“Although there are some reports of financial loss, what we see from ransomware attacks are businesses reporting losses like customer information and operational capacity. Recovery from a ransomware attack can also be incredibly time consuming, affecting a business’s ability to carry out their usual services, and can damage their reputation,” says Pope.

“The good news is that the risk of these attacks impacting you or your business can be easily mitigated with a few simple steps; updating your operating systems and software, backing up your files regularly and installing antivirus software can go a long way to help keep you safe online.”

Pope says that the data that CERT NZ collects about report is vital to helping the organisation understand New Zealand’s cybersecurity landscape.

“The more we know about the types of incidents affecting New Zealanders, the more we can be there to help New Zealanders and their businesses stay safe online,” concludes Pope.

If you or your organisation experiences a cyber security threat – or if you suspect you may have been exposed to one – contact CERT NZ any time at www.cert.govt.nz or call 0800 CERT NZ, Monday to Friday, 7am – 7pm.