CERT NZ produces a phishing feed that alerts subscribers of active phishing campaigns targeting New Zealanders. Recently, CERT NZ published details of an active phishing campaign impersonating Inland Revenue (IR) to the threat feed.
The scammers sent out emails that contained a link to a website that looked like the Inland Revenue’s site, and asked recipients to claim their tax refunds by inputting their personal and financial details. This allowed the attackers to steal this information for their own financial gain. The fraudulent website looked very similar to the legitimate IR website, making it incredibly difficult for people to know that they were entering their details into a fake website.
Nadia Yousef, CERT NZ’s Manager of Incident Response, says that having this phishing email reported to us initially was the key to the success of stopping the phishing campaign.
“Within minutes of the notification going out on CERT NZ’s threat feed, it had been picked up by information security company Cassini, one of a number of security service providers we work with, who sent it to their customers’ networks to block the website.”
“These customers automatically received notification about the bad indicator and blocked their users from accessing the fake website. If left unblocked it could have impacted a significant number of New Zealanders.”
Results were apparent within the hour, CERT NZ and Cassini recorded 15 successful disruptions within the first day and 51 within the first week.
“This is an incredible result, when put in real terms those disruptions saved New Zealanders and businesses thousands of dollars and countless hours of stress and recovery,” says Ms Yousef.
“Not only that, all this work happened behind the scenes. When potential targets tried to access the site, they were automatically protected from the scam.”
Phishing continues to be one of the highest reported incidents to CERT NZ. In 2020 New Zealanders reporting losses to us of more than $7 million dollars from phishing incidents. In the third quarter of 2020 alone, we received 1,064 reports of phishing. Phishing campaigns often use well-known brands and organisations to lure people into providing information or access to their details or devices.
“Disrupting and stopping phishing campaigns is a high priority for CERT NZ. The immediate and automated nature of the threat feed shows the level of effectiveness and trust organisations have in the information and data that CERT NZ produces,” says Ms Yousef.
*The company referenced in the story is not commercially endorsed by any of the government agencies mentioned.