Record Losses To Cybercrime A Concern, Even As Reports Decline
CERT NZ’s latest annual summary shows that scammers are still finding new and inventive ways of getting to our money. While reports were down slightly on the previous year, financial losses jumped up 19% to $20 million, mostly due to a spike in quarter three. These are the biggest losses reported to CERT NZ in a single year.
CERT NZ director Rob Pope said that amount lost to online scams and fraud is particularly worrying.
“CERT NZ received almost 2,300 reports about scams and fraud in 2022,” said Pope. “The number of these reports increased 21% from last year, and everyday New Zealanders lost almost $17.1m to online scams.”
The decrease in overall reports is due to a drop of 88% in reports of malware. However, the top three categories reported to CERT NZ – phishing and credential harvesting, scams & fraud, and unauthorised access – all saw significant increases. In fact, when malware is excluded from total reporting counts there is a 15% increase in reports from 2021.
“Unlike 2021, there were no large-scale campaigns targeting New Zealanders – such as the Flubot malware – in 2022,” said Pope. “However, we did see smaller campaigns, such as unauthorised money transfer scams, that targeted individuals for large losses.”
The end of the year saw CERT NZ receive a record number of ransomware reports (36 in quarter three). Some of these were interconnected, as a single attack had a flow on affect to other organisations.
There was also an increase in fake extortion and blackmail scams reported to CERT NZ, with CERT NZ now receiving a new report roughly every three days.
Pope reminded New Zealanders that staying vigilant is the key to staying safe online and keeping your money out of the hands of scammers.
“It’s always wise to just pause, take a moment and think about if the investment opportunity, bank warning, or romantic engagement is legitimate or not. Call the organisation on an official number, scout online to see if their photos have been taken from someone else; a little bit of work can avoid the heartache of losing your hard-earned money. All of this will go a long way to reducing these significant financial losses.”
Notes:
Key statistics:
Annual summary 2022
- 8,160 incidents reported to CERT NZ
in 2022 (down 8% from 2021).
- Most of the drop can be attributed to an 88% decrease in malware reports.
- The top three reporting categories all saw significant increases, phishing & credential harvesting (16%), scams & fraud (21%), and unauthorised access (23%).
- $20 million in direct financial
loss reported, highest level for a single year.
- The scams & fraud category accounted for 86% of the financial loss ($17.1m).
- Scams involving unauthorised money transfer was the largest category with $5.9m in losses.
Q4 2022
- 1,757 incidents reported to CERT NZ in Q3 2022 (1 October to 31 December 2022).
- $3.5 million
in direct financial loss reported.
- 27% of incidents reported financial loss.
- 212 people lost between $100 and $1000.
- 9 people lost over $100,000.
- If you believe you have been the target of an online scam contact CERT NZ and, if you have lost money, contact your bank, immediately.
- CERT NZ
received the highest number of reports about ransomware for
a single quarter (36).
- Many reports were related to a single attack that affected many connected organisations.
- Extortion and blackmail
scams have increased again (though not to the same level as
two years ago).
- CERT NZ receives one report of this type roughly every three days.
About CERT NZ
CERT NZ is New Zealand’s Computer Emergency Response Team, and works to support businesses, organisations and individuals who are affected (or may be affected) by cyber security incidents. CERT NZ provides trusted and authoritative information and advice, while also collating a profile of the threat landscape in New Zealand. See www.cert.govt.nz for more information.
/home/scoop/data/media/pdfs/2303/CERT_NZ_Q4_2022_Data_Landscape_embargoed_until_5am_Thursday_23_March_2023.pdf
/home/scoop/data/media/pdfs/2303/CERT_NZ_Q4_2022_Cyber_Security_Insight_Report_FINAL_Embargoed_5am_Thursday_23_March_2023.pdf