Email-related attacks cost New Zealanders close to one million dollars

CERT NZ’s latest quarterly report shows cyber attacks circulated by email posed the greatest threat to New Zealanders’ cyber safety between July and September this year.

25 November 2020

According to CERT NZ, the government agency which supports organisations and individuals affected by cyber security incidents, reports of business email compromise was up by 101% from quarter two with $944,000 direct financial loss.

During the same time period there was a surge in reports about a variation of malware1 called Emotet, which is spread though a link or attachment in an email, resulting in a 34% increase in malware reports made to CERT NZ from the previous quarter. 

“Email is widely used and trusted both in business and our personal lives. This unfortunately makes it an easy target for cyber attackers who are looking to make a quick buck,” says CERT NZ’s Director Rob Pope.

Attackers use business email accounts to carry out a range of scams, such as putting false bank account details on invoices sent to customers. They gain access in a number of ways, including guessing or ‘cracking’ weak account passwords, finding out passwords through data leaks online, or collecting login information through phishing2 campaigns.

“The good news is that the risk of these attacks impacting you or your business can be mitigated with a few simple steps,” says Mr Pope.

“Updating your operating systems and software, having long strong unique passwords, and installing antivirus software can go a long way to help keep you secure online.”

Figures from CERT NZ’s quarterly report also reveal reports of cyber security incidents are at an all-time high, with 2,610 reports made to the government agency in the third quarter of 2020 resulting in $6.4 million of direct financial loss from all incidents that occurred.

“This is not surprising given the state of play over the last three months with a spate of distributed denial of service (DDoS) attacks, ransomware attacks and online scams. These incidents serve as a wakeup call for Kiwis to tighten up their online security.”

CERT NZ has recently expanded the way it collects data by working with more local organisations and international partners to create a richer picture of the cyber threat landscape.

“Like the old adage says, to be forewarned is to be forearmed. Having more information about cyber threats means we have a better understanding of what’s on the horizon, and are therefore in a better position to help New Zealanders up their cyber defences.”

Read the full report here.