Quarter Three Report 2019

CERT NZ’s Quarter Three Report provides an overview of the cyber security incidents reported by New Zealanders, from 1 July—30 September 2019.

This quarter, incidents are up 13% from quarter two, with 1,354 reports from businesses and individuals from across the country. This report shares examples of the security issues that are impacting people and organisations all over the country, and offers advice on how to best protect against them.

Quarterly Report: Highlights [PDF, 433 KB]

Quarterly Report: Data Landscape [PDF, 1.2 MB]



Results by numbers

Number of incidents reported by quarter

CERT NZ graph showing number of incidents reported. In quarter three 2019, New Zealanders reported 1,354 incidents to CERT NZ.

We received 1,354 reports in the third quarter of 2019. This is the highest number of incidents reported in a quarter to date.


Results by incident

Breakdown of incident category

CERT NZ graph showing number of incidents reported. In quarter three 2019, New Zealanders reported 1,354 incidents to CERT NZ.

Scams and fraud, phishing and credential harvesting, and unauthorised access have consistently been the highest incident categories since quarter four, 2017.


Focus area: Phishing

Phishing overview

Phishing made up 38% of all incident reports this quarter. Since CERT NZ launched in 2017, New Zealanders have reported more than 3,000 phishing incidents.

Types of phishing

How well do you know the types of phishing out there?

Phishing trends

At CERT NZ we see certain sectors and organisations targeted at different times by different phishing techniques.

Protecting yourself from phishing

As phishing techniques change over time, it’s a good idea to stay up-to-date with simple steps to help spot and protect yourself from them. These include:


Webcam blackmail scams steadily rise

Quarter three data shows that webcam blackmail scams continue to affect New Zealanders, with a 28% increase of reports from the previous quarter. 

This email extortion scam variant, which claims to have accessed the recipient’s webcam and recorded them in the privacy of their home, first spiked in quarter three last year. Despite public awareness, reports of the scam continue to increase, with some incidents reporting of financial loss.

When the first surge of webcam blackmail scams hit in October 2018, CERT NZ released an advisory with preventions and mitigations to raise awareness and help New Zealanders protect against the scam.

Webcam and password blackmail scam advisory External Link

Case studies

CERT NZ works with researchers and vendors to resolve vulnerabilities

CERT NZ’s coordinated vulnerability disclosure (CVD) process helps researchers and finders communicate vulnerabilities with the affected vendors and have them resolved.

Over 65s’ online resilience improving

This year, CERT NZ’s data has shown a positive trend for the over 65 age group. Since quarter one, there has been a 60% decrease in direct financial losses reported, while at the same time, a 20% increase in the number of reports about this age group.