cfo-nz logo
Story image

Stairway to hell: Scams, ransomware, and $6.5m gone from Kiwis' pockets

05 Sep 2019

In just a three month period this year, New Zealanders reported more than 1000 cybersecurity incidents and financial losses of $6.5 million to CERT NZ.

CERT NZ today published figures from the April-June Quarterly Report. Of the 1197 incidents reported, the top two incident categories included 458 related to scams and fraud, while 404 related to phishing and credential harvesting.

Scam and fraud reports included a combination of extortion and blackmail scams, online shopping (buying or selling goods), tech scam phone calls, and unauthorised money transfers. In total, scam and fraud caused almost $6 million in financial losses.

“It’s evident that cyber incidents can result in financial loss, however losing money is not the only impact businesses and individuals experience. Cyber incidents can also result in other types of loss like data, reputational and operational,” says CERT NZ Director Rob Pope.

The report calls attention to the rising number of online shopping scams. These scams can operate through social media, scam websites, and even genuine auction sites.

The report notes: “In one case, an online shopper reported a fake website that was posing as a reseller of an international clothing brand.”

“The shopper was close to completing their transaction when they realised that the website URL didn’t use HTTPS and decided to contact the site first to check it was legitimate.”

“The website didn’t have any contact information listed so they reported it to CERT NZ. We were able to quickly identify it was a scam website, and worked with the hosting provider to have the site taken down, protecting other shoppers from the scam.”

Ransomware also reared its head again with a 38% increase in attacks since the previous quarter.  Since CERT NZ’s launch in 2017, it has received 160 ransomware attack reports, of which 70% involved some type of loss.

These include ransomware attacks against individuals (7 reports) and businesses (15 reports). CERT NZ strongly advises against paying ransom demands.

“Although there are some reports of financial loss, what we see from ransomware attacks are businesses reporting losses like customer information and operational capacity. Recovery from a ransomware attack can also be incredibly time consuming, affecting a business’s ability to carry out their usual services, and can damage their reputation,” says Pope.

“The good news is that the risk of these attacks impacting you or your business can be easily mitigated with a few simple steps; updating your operating systems and software, backing up your files regularly and installing antivirus software can go a long way to help keep you safe online.”

Pope says that the data that CERT NZ collects about report is vital to helping the organisation understand New Zealand’s cybersecurity landscape.

“The more we know about the types of incidents affecting New Zealanders, the more we can be there to help New Zealanders and their businesses stay safe online,” concludes Pope.

If you or your organisation experiences a cyber security threat – or if you suspect you may have been exposed to one – contact CERT NZ any time at or call 0800 CERT NZ, Monday to Friday, 7am – 7pm.

Story image
Microsoft NZ Partner Awards winners announced
Each of the 10 winners demonstrated ‘outstanding ways they are continuing to empower customers through clever use of Microsoft technology’.More
Story image
How Employer of Record helps companies expand to new markets around the globe
Using an Employer of Record allows companies to break into new markets and hire the talent they need quickly and easily — with all human resources, onboarding, paperwork, and legal compliance taken care of.More
Story image
Why automating the finance function is critical for future growth
As well as continually struggling with tedious workflows and manual processing, many finance professionals are still finding it a challenge to complete their month-end close. This is where software can help, writes BlackLine regional vice president for A/NZ Claudia Pirko.More
Story image
Splunk signs agreement to acquire NPM company Flowmill
Splunk has signed a definitive agreement to acquire the Palo-Alto based cloud network observability company, with expertise in network performance monitoring (NPM). More
Story image
The top features to look out for in a product pricing solution
Many software solutions promise to provide accurate market analysis, which helps in price management of your product. But some solutions are more helpful than others.More
Story image
Organisations struggling to realise full business value from cloud investments
“Our study shows a surprisingly small two-year improvement in returns on corporate cloud initiatives, suggesting that a more thoughtful and holistic approach is needed to fully unlock the value of cloud.”More