Quarter Two Report 2019

CERT NZ’s Quarter Two Report provides an overview of the cyber security incidents reported from 1 April—30 June 2019. It also offers advice on how to prevent or mitigate these incidents.

This quarter, incidents are up by 21% from quarter one, with 1,197 reports from businesses and individuals from across the country. These reports show a breadth in the type of incidents New Zealanders are experiencing and the range of impacts they can carry with them. 

Some examples include:

  • 23% of all incidents reported some type of loss.
  • Scams and fraud was the highest reported category in quarter two, making up 38% of all reports.
  • Ransomware incidents increased by 38% in quarter two, with most reports coming from businesses and organisations.

Quarterly Report: Highlights [PDF, 471 KB]

Quarterly Report: Data Landscape [PDF, 994 KB]


Results by number

Number of incidents reported by quarter

We received 1,197 reports in the second quarter of 2019. This is up 21% on quarter one and is the second highest number of incidents reported to CERT NZ. 

Results by incident

Breakdown of incident category

Scams and fraud, phishing and credential harvesting, and unauthorised access have consistently been the highest incident categories since quarter four, 2017.

Scams and fraud is the highest incident category in quarter two, taking over from phishing and credential harvesting in quarter one.

Focus area: Ransomware impacts

Ransomware has significant and wide-ranging impacts on affected organisations, their staff and customers.


Buyer beware: online shopping scams on the rise

Breakdown of scam and fraud categories

In quarter two, 19% of scam and fraud reports related to the buying and selling goods online.

Online shopping scams can operate across various platforms like social media, scam websites and sometimes through legitimate auction sites. These scams can result in financial loss when goods don’t show up, or don’t match the description and can also lead to other types of incidents like identity theft.

In one case, an online shopper reported a fake website that was posing as a reseller of an international clothing brand.

The shopper was close to completing their transaction when they realised that the website URL didn’t use HTTPS and decided to contact the site first to check it was legitimate.

The website didn’t have any contact information listed so they reported it to CERT NZ. We were able to quickly identify it was a scam website, and worked with the hosting provider to have the site taken down, protecting other shoppers from the scam.

Shopping online safely

Case study: Small business experiences the impacts of ransomware

Small businesses are increasingly experiencing the impacts of ransomware attacks, and the consequences are not always financial, as one business recently experienced.


Cyber security incidents affect all ages

Incidents affecting individuals by age group

In quarter two, 59% of the reports received were about individuals. The number of incidents reported by individuals continues to be spread across all age groups, demonstrating that New Zealanders of all ages are affected by cyber security incidents.

Of the 712 incidents about individuals, 30% reported some type of loss, like financial, data and reputational. Scams and fraud was the highest reported category affecting individuals (56%), with a total direct financial loss of $4.5 million.