Quarter One Report 2021

CERT NZ’s Quarter One (Q1) Report provides an overview of reports about cyber security incidents impacting New Zealanders from 1 January – 31 March 2021.

This quarter, CERT NZ responded to 1,431 incident reports about individuals and businesses from all over New Zealand. This report shares information around these incidents as well as highlighting examples of work CERT NZ is doing to help. There are two parts to the report:

A Highlights Report focusing on selected cyber security incidents and issues.

A Data Landscape Report providing a standardised set of results and graphs for the quarter.

Quarterly Report: Highlights Q1 2021 [PDF, 407 KB]

Quarterly Report: Data Landscape Q1 2021 [PDF, 1.3 MB]


The average number of incident reports per quarter is 1,569 and average direct financial loss is $4.2 million. These figures are based on the previous quarters.


Number of incidents responded to

A total of 1, 431 incidents were responded to in Q1 2021.

Breakdown by incident category

Phishing and credential harvesting remains the most reported incident category.

Graph of incidents by category

Phishing and credential harvesting

Focus Area: Cutting the line on phishing campaigns

Phishing and credential harvesting is one of the most reported incident types to CERT NZ, making up 46% of all incident reports in Q1. In last quarter’s Highlights Report, we covered trends in phishing and credential harvesting and shared tips on how to protect against it. In this quarter’s focus area, we dive a little deeper into CERT NZ’s proactive work in disrupting these types of attacks.

Last quarter's Highlights Report

How CERT NZ is working to disrupt campaigns and protect New Zealanders


What this means to New Zealanders

This process aims to stop phishing campaigns before they cause wide-spread harm. This means the more phishing information we can provide partners, the more phishing campaigns we can disrupt – and the better protected New Zealanders are.

What you can do

If you think you’ve received a phishing email, report it to 

Report a phishing email

  1. We’ll provide guidance to make sure you and your accounts are not at risk.
  2. We’ll analyse the report for phishing indicators and use the findings to alert partners and notify other New Zealanders before they’re impacted.

COVID-19 scams

Insight: CERT NZ working to reduce the impacts of COVID-19 vaccine scams

Alongside incident response, CERT NZ work to identify, understand and alert New Zealanders to possible cyber security threats, and provide actionable advice to help protect against them. The COVID-19 vaccination roll out is one example of this.

What to look out for

Attackers are opportunistic and are constantly evolving their campaigns to try and trick people into sharing their financial and personal information. The COVID-19 vaccine-related scams are no exception. Predominately email-related, some scams try to collect ‘payments’. Others are an attempt to collect login credentials asking recipients to enter personal information like usernames and passwords – this information is then often used to carry out attacks like email compromise.

In Q1, CERT NZ responded to less than 10 reports about COVID-19 vaccine-related scams. We anticipate the volume of the scams will increase, and vary in look and messaging. The easiest thing to remember is the COVID-19 vaccine is free. At no point will you be asked to pay for the vaccine, or pay for your place in the queue. If you are, it’s likely a scam.

If you think you’ve received a COVID-19-related scam, please report it to us.

Report a scam

Microsoft Exchange

Insight: Attackers target widely-used email servers

In Q1, CERT NZ received reports about attackers exploiting vulnerabilities on New Zealand servers running Microsoft Exchange – a widely-used email and calendar service.

Update: Unauthorised access

Simple steps can help New Zealand businesses keep cyber attackers out

In Q1, reports to CERT NZ about unauthorised access increased 18% from the previous quarter, with a direct financial loss of close to $1 million.