“The previous quarter saw a spike due to the prevalent Flubot campaign which used text messages to install malicious malware on New Zealanders’ devices. While that has slowed, reporting numbers overall are still high,” said CERT NZ Director Rob Pope
CERT NZ received 2,333 reports in Q1 (January to March 2022) – an increase of 63% from the same quarter last year. Similarly, the $3.7m in direct financial loss is up 23% on Q1 2021.
The largest reporting category was phishing and credential harvesting, making up 59% of all reports. On average CERT NZ receives 73% more reports about this category than any other.
“Phishing is an incident type that has been around for decades but has evolved over that time. Attackers change their tactics to reflect current events and use social engineering triggers, like urgency, fear and opportunity,” Pope said.
“Phishing is a major concern as it’s simple to do, from a technical perspective, and it’s a gateway to other kinds of incidents.”
Attackers use phishing to steal people’s personal credentials that they can use to gain unauthorised access to accounts and systems. They also leverage these attacks to find out who is likely to respond and use that information to run different scams.”
This quarter’s Insights contains a closer look at how phishing leads to tech-scam calls and direct financial loss (page 6).
“Reporting phishing attempts to CERT NZ helps all New Zealanders,” Pope said, “because the sooner we learn of them, the sooner we can work with providers to take down phoney websites and stop others from potentially falling victim to a scam.”
Also this quarter, the sudden rise in popularity of NFTs (non-fungible tokens) has seen a rise in scams relating to them. Cryptocurrency scams are increasing in general, but we are now seeing campaigns specifically targeting those looking to buy or sell NFTs.
“This new form of investment has created a rich avenue of opportunity for scammers, who are always looking for an edge,” Pope said.
NFTs appeal to attackers as they are still mostly unregulated, and payments are difficult to reverse or retrieve. The NFT market can be heavily hyped with high-profile projects and the estimated resale values can create a fear of missing out.