CERT NZ’s Latest Cyber Security Insights Report – 2022 Q3

Table of Contents

CERT NZ’s Q3 Cyber Security report just came out. It showed that despite a lower number of incidents than average this Q3, direct financial losses have increased significantly. In fact, New Zealanders lost close to $9 million to online incidents, more than any previous quarter. For reference, last quarter’s direct financial loss was just shy of $4m.

The report also revealed that scams and frauds continue to grow with a 32% quarter-on-quarter increase. Phishing and credential harvesting remained the top incident category despite a 17% decrease from the previous quarter. You can check the previous quarter’s report here.

This article provides an overview of the key findings from CERT NZ’s cyber security report for Q3 of 2022.

Key Findings in the 2022 Q3 CERT NZ’s Report

Total Cyber Security Incidents Increased by 3% From Q2 2022 

CERT NZ 2022 Q3 - Total Cyber Security Incidents

There were a total of 2,069 cyber security incidents responded to by CERT NZ in Q3, which is a 3% increase from the previous quarter. While it’s still “lower” than the average (2,166) incidents, the continued rise of threats is a worrying trend.

A total number of incidents doesn’t tell the full story, so it’s important to look at other metrics such as financial losses and incident categories.

Total Direct Financial Loss From Cyber Security Infractions Increased to $8.9 Million in Q3 2022, Up 128% MoM

CERT NZ 2022 Q3 - Direct Financial Loss

CERT NZ’s report revealed that the total direct financial loss rose to $8.9m in Q3 2022, a 128% increase from the previous quarter.

This is the highest amount of money lost to cybercrime ever reported by CERT NZ, with New Zealanders losing more than 2x more than they did last quarter.

Breakdown of Cyber Cyber Incidents by Category

CERT NZ 2022 Q3 - Category Breakdown of Cyber Security Incidents

If you look at the incident category, phishing and credentials harvesting still took the lead despite a 17% decrease from the previous quarter. Not too far in second place is the scams and frauds category where the most financial loss came from.

Financial Losses Add Up

CERT NZ 2022 Q3 - Financial Loss Incidents Distribution Graph

Looking into the financial loss incidents further, the majority of incidents reported (over 75%) lost less than $1,000. Despite the seemingly small amounts, they can have a large impact on individuals who lost them.

Scams and Fraud Accounted for the Largest Financial Loss

CERT NZ 2022 Q3 - Financial Loss by Incident Category

This category includes romance scams, fake job offers, investments, and rental property scams. Unfortunately, this type of scam is becoming more and more common as cybercriminals look to target vulnerable individuals.

There is a common myth that scammers are always trying to break into people’s bank accounts. While this can be true in some cases, the reality is far more nuanced and layered than that. Cybercriminals use increasingly sophisticated methods to target individuals and businesses.

Below is one such example.

NZ Post Scam

One type of scam involving unauthorised money transfer that’s caught the attention of CERT NZ is someone claiming to be from the NZ Post asking recipients to enter their credit card details to pay a small fee to release a package. The transaction typically goes through but also signs up the user to a subscription of anywhere from $40-$80 per month.

The financial harm from scams and fraud can add up quickly over time. With the NZ Post scam for example, a person could be signing up for a subscription of $40-$80 per month without realizing it. This adds up to hundreds of dollars each year that the user didn’t anticipate spending. Not only does this add to their financial burden, it could also add to their stress. So if you aren’t checking your bank statements regularly, you may have quite a few amounts of unauthorized transaction fees you weren’t expecting to see.

Unauthorised Access Examples

According to the report, individuals lost over $570,000 through unauthorised access. Majority of these were from compromised social media accounts where the attacker pretended to be the account holder trying to trick friends or family into giving them money:

  1. “Hey John, you’ve just been sent a code that will help me get back into my bank account. Can you send me a screenshot of that code”
  2. I know this sounds crazy and I’ve never been much of a money person but just after a few months, my investment earned enough for me to get this new car. I know times are tight for a lot of us at the moment so if you want any tips, DM me.

There are many other types of cybercrime that scammers use to target individuals and businesses and the two examples provided above are just two among many.

How to Prevent Unauthorised Access

The best way to protect yourself from cybercrime is to stay vigilant and to be aware of the different types of scams that are out there. In the examples above, there are some red flags present—urgency and too good to be true. Being aware of these signs and taking the time to verify if something is legitimate can save you a lot of time, money and stress.

Outside that, other things you can do now that will help you reduce your risks are as follows:

  1. Ensure you use strong and unique passwords on your accounts. This way, if one account gets compromised (e.g. your Facebook account), they won’t be able to login to your bank account with the same password.
  2. Use multi-factor authentication (MFAs). In the event these cyber criminals do get your password, having another layer of protection (like an SMS code sent to you or email) before being able to login or make a transaction, makes it harder for them to access your account.
  3. Don’t give out personal information online. This includes public posts and/or private messages from friends and family, just like in the example above.
  4. Verify with the other party if the transaction is legitimate. Whether this is a money transfer request from your close friend, or paying an invoice to a supplier, it’s best to verify through another medium (like a phone call or SMS) that the request is legitimate.

Stay Vigilant

As always, you are the last line of defense when it comes to cyber security. Technology can also do so much. With the holidays upon us, it’s vital that you stay extra vigilant and aware of the types of cybercrime that are out there.

By doing your part in staying up to date with the latest threats, you can help yourself stay safe online and protect your personal information from being compromised or stolen.

If your business is not currently taking steps to protect itself from cybercrime, now is the time to do so. Contact iT360 today for a cyber security assessment and we can help you put in place the necessary measures to protect your organisation from these threats.

Contact iT360 for a Comprehensive Cyber Security Audit
Other People Also Viewed These Articles
Saba Samiei

Women in Tech

The gender discussion continues to be an intriguing one when it comes to the Tech sector. Even after New Zealand became the first country worldwide more than 125 years ago in which women attained the

Read More »
4 Reasons Why You Should Use MS Teams

Why Your Team Wants Teams

Let’s face it. Today’s technological advancements have made even the simplest things complicated. The simple act of communication in the workplace has become so complex that it causes inefficiencies and productivity issues.  Watch this quick

Read More »

Leave a Comment