CERT NZ reveals how much Kiwis have lost to scammers

Smishing on the rise, data shows

CERT NZ reveals how much Kiwis have lost to scammers

Scammers stole $4.2 million in the three months to June, with SMS text-based phishing (smishing) on the rise, according to CERT NZ.

CERT NZ’s Cyber Security Insights for the June quarter said the $4.2 million in direct financial loss between April and June was down 27% from the previous quarter, with 21% of the cyber incidents reporting a financial loss.

Over the same period, CERT NZ responded to 1,950 incidents, down 1% from the March quarter.

Despite an overall decline in both reports and financial loss in Q2, many incident categories posted increases compared with the previous quarter, including ransomware, website compromise, and malware. Phishing, in particular, was up 26% from the last quarter, and, according to Rob Pope, CERT NZ director, “doesn’t seem to be slowing down.”

“Phishing – both email and SMS – has become one of the main paths for cybercrime, because, for the bad guys, it’s the fastest and most cost-effective way of targeting New Zealanders,” Pope said.

The data showed a worrying development, though, he noted, and that is the surge in smishing.

“Historically, most phishing was delivered by email,” Pope said. “However, this year, CERT NZ has seen many more phishing text messages (also known as ‘smishing’) than phishing emails.”

Smishing poses more risk because people have their phone on them all the time and they see these messages when they are on “auto pilot.”

“Links sent via text messages are also easy to disguise using URL shorteners (for example, bit.ly) and can be sent from ‘spoofed’ phone numbers,” Pope said.

The smishing messages often purport to be from a reputable organisation such as banks, Inland Revenue, and New Zealand Post. They usually claim there is a problem that requires the victim to click on a link to resolve it. Often, a sense of urgency is included around the action.

“Recently, some smishing texts have come with a phone number as well as, or instead of, a link,” Pope said. “Calling the number gives the scammers direct access to you and can make their scam seem more legitimate.”

One way to ensure everyone’s secure and cyber resilient in New Zealand’s ongoing fight against cyber criminals is to make sure all devices and software are up to date, the CERT NZ director said.

“If there’s a vulnerability in a piece of software you use, you’d want to know,” Pope said.  “Vulnerability disclosure is a vital part of cyber security; knowing there’s an issue gives the software vendors a chance to fix it before malicious actors can get in.”

Access the full report here.

Use the comment section below to tell us how you felt about this story.