$6.6 million lost to cyber crime in the December quarter

Wednesday, 9 March 2022

A record $6.6 million was lost to online financial crime the December quarter, the largest amount lost to digital fraud in a quarter since records began, Cert NZ says in its latest quarterly report.

There was a 28 per cent increase in phishing and credential harvesting, in which a fake email or text message was used to take a victims personal information.

New types of scams were on the rise, with reports of the Flubot text scam, which encouraged victims to pay for a non-existent courier package, with 1707 instances reported.

But Cert NZ chief executive, Rob Pope said a rise in reported scams was not entirely a bad thing.

* Fraud Awareness Week: Consumers urged to talk about scams, share stories

* BNZ customers warned about scammers asking for personal details in text messages

The total amount of reported losses to cyber crime in the last five years was $69.8 million.

“On the one hand, more reports means that more incidents are occurring, but it also means New Zealanders are aware of the steps to take when they encounter cybercrime,” Pope said.

The higher number of reports improved Cert NZ’s understanding of the extent and type of incidents that were occurring, which helped the government agency respond, he said.

“We’re encouraged that both individuals and businesses are more willing to report, and we hope the messages about being cyber smart continue to spread.”

But Cert NZ data showed cybercrime had continued to grow.

In 2020 cybercrime became more lucrative than the drugs trade as New Zealand cyber incidents causedlosses of $16.9m.

University of Waikato cybersecurity lab leader, Dr Vimal Kumar says almost all digital scams require a human error for them to work.

The total amount of reported losses to cyber crime in the past five years was $69.8m.

University of Waikato cybersecurity lab leader, Dr Vimal Kumar said the complexity of underground criminal enterprise was set up similar to many legal businesses.

“Many of these criminal organisations have different divisions that analyse how people respond to attacks, divisions that deal with the financial matters. These are intricate and vast enterprises,” Kumar said.

During the pandemic instances of cyber crime increased and became more sophisticated, he said.

“Ten to 20 years ago a scam may have targetted an individual, but now more often we are seeing people targetting an entire computing infrastructure. People are finding more and more ways to weaponise or monetise a computer vulnerability.”

But despite the growth in sophistication, most scams still relied on human error, which could be thwarted by better education, he said.

“A cyber criminal can have the best technology, but in most cases they still rely on people. In the case of the text scam, they have found a way to send a text message to you, but it only works if the user clicks on the link. That is the weak point in the operation.”

Most investments work in a scattershot approach sending out a scam link to as many people as possible and hoping a percentage will click through.

If people knew not to click a suspicious link, or otherwise set the scam in motion, then the return on investment for the scammers would make it pointless to send out a scam in the first place, he said.

The Cert NZ report recommended people check if a website was genuine by checking if the business was registered on the New Zealand Companies Office.

People should be wary of websites that don’t list a physical address, or that have significantly lower-priced goods.

The Cert NZ report asked anyone who believed they had been caught by a scam to immediately notify their bank, and report the incident to Cert NZ.