Phishing most frequently reported cyber scam – CERT NZ | Insurance Business New Zealand
Phishing is the most commonly reported cyber scam in New Zealand, making up almost 71% of all reports, according to national cybersecurity agency CERT NZ.
CERT NZ received 1,935 reports from people affected by scams in the first quarter of 2022, with phishing making up 1,370 of those reports.
Phishing is a fraud tactic where an attacker pretends to be a legitimate or reputable entity to convince a victim into handing over sensitive information or to gain access to their electronic networks.
CERT NZ director Rob Pope encourages anyone caught up in a scam to report it as soon as possible.
“Scammers are indiscriminate in who they target,” Pope said. “And every report helps us know what threats are out there so we can protect others. We know it’s a stressful time when these sorts of incidents happen, and the scammers add extra pressure by preying on fear and urgency. But you need to report it as soon as possible so you can get help and stop others from getting affected.”
In response to the high prevalence of phishing attacks in the country, CERT NZ, Consumer Protection, the Department of Internal Affairs (DIA), and several major banks have joined forces to warn Kiwis of new threats from scammers.
These banks are ANZ, ASB, Co-operative Bank, Heartland Bank, HSBC, ICBC, Kiwibank, Rabobank, TSB and Westpac.
Banks are some of the most impersonated by phishing scammers, especially with the rise of online banking. Cyber criminals use duplicated, also known as spoofed, phone numbers, realistic dialogue and social engineering triggers to convince their targets to part with log-in details. Scammers also send SMS messages with links to fake websites or illicit software that harvest users’ account information.
Pope reminded people to “take a breath and pause” when confronted with a possible phishing attack, as scammers rely on urgency and fear to make people react quickly without thinking.
"The scammers will use a sense of urgency, hoping you won’t think clearly and will make a mistake," Pope said.
DIA director for digital safety Jared Mullen advised people to only access their online banking account by visiting the bank’s website. Banks will never send customers a link to log into their internet banking via text message.
“Tactics used by scammers are getting more sophisticated as new technology develops”, Mullen said. "But the advice to Kiwis to avoid being a target stays the same: be savvy, always question a link before you click on it, and if something doesn’t feel right, report it."