Hervé Le Goff, Senior Analyst, Threat and Incident Response, CERT NZ was kind enough to offer his time this month to chat about the key cyber crime trends CERT NZ is seeing this year, and how Kiwis can keep themselves safe online. Thanks Hervé for your valuable insights.
What are the key trends you’re seeing in cybercrime this year – in NZ and globally?
Based on 2021 data, phishing and credential harvesting remains the top threat to New Zealanders (3,709 reports in 2021, up 9% on 2020). This particular category can also lead to further incidents, such as unauthorised access or fraud.
Scams and fraud is the category that created the largest financial loss, making up 71% of all direct financial losses reported to CERT NZ. Scams to do with buying, selling or donating online was the biggest sub-category, accounting for $3.9 million in loss in 2021.
Malware reports jumped 24% from 2020 on the back of the Flubot text scam. This is the start of a new trend in campaigns that target people via SMS messages on their phones. The message will usually contain a link to a malicious website pretending to be a courier company or even a fake anti-malware site.
CERT NZ’s advice for these is to text (or message) them, free of charge, to 7726. This reports the number and any links that may be in the message.
How can Kiwis keep themselves safer online?
CERT NZ recommends following four steps. Following all four will keep you safe online, but even just doing one is a good start.
- Use a unique, long, strong password for each of your online accounts
- Turn on two-factor authentication (2FA) where possible
- Keep all your devices, apps and software up to date, and
- Keep your personal information private.
To make it easier, you can use a password manager, that way you don’t have to remember all those passwords.
And if you get any suspicious emails, online messages or visit a website that may not be legitimate, report them to CERT NZ.
How can Kiwis support their friends and family to keep themselves safer online?
Anyone can be affected by cyber crime, even those who are technically savvy. We are aware that some people are reluctant to report incidents because they feel embarrassed and vulnerable. But by talking to friends or family, and sharing those four steps, you can help make everyone safer.
What are Government agencies doing to help protect New Zealand generally from increased direct threats?
CERT NZ works alongside other government agencies to keep New Zealanders safe from cyber crime. We offer free advice and confidential reporting.
Our website contains tips and advice for individuals. We also have a list of ten Critical Controls for businesses to implement. These controls give businesses a steer on where to best allocate their assets.
For IT specialists, CERT NZ releases advisories for incoming threats, which contain advice on how best to mitigate them.
What’s changed in terms of cyber threats as a result of the ongoing Covid-19 uncertainty?
Cyber criminals are opportunistic, so any new situation becomes a target. The pandemic has seen an increased number of people working from home, this has in turn, created security issues as staff remotely access systems.
Covid has also meant some people are more isolated and vulnerable to scammers. Correspondingly the number of scam reports has risen.
Concerned about insurance fraud?
Insurance fraud is not a victimless crime; it’s a crime that all policyholders pay for. You can report insurance fraud by visiting the IFB website. Reports can be made anonymously.