Closer ties between the government's Computer Emergency Response Team and financial services firms saw reports of phishing attacks more than double in the June quarter.
The Crown agency responsible for tracking, monitoring and advising on cybersecurity incidents registered 455 phishing attacks in the three months through June, up from 196 in the March quarter. Some 337 of those attacks were about the financial services sector, which the agency put down to a closer working relationship with the industry.
The total number of incidents reported was 736, of which 112 were referred to police and nine to Netsafe. None were referred to the National Cyber Security Centre or Department of Internal Affairs in the quarter.
Those led to $2.2 million of direct losses for people and organisations, again skewed to older demographics. Four incidents accounted for 77 per cent of those losses, of which two were scams, such as phone calls or ads designed to tricker users into installing fake software on their computers. Eleven scams and frauds were reported to agency - known as Cert NZ - in the quarter.
Director Rob Pope said the increased reporting indicated growing acceptance of the agency as the central portal for cyber-security issues. After a year of operating, it has been able to start sharing deeper analysis of identifiable weaknesses, such as helping an e-commerce firm shore up its internal security.
"We were able to help them identify the key areas where their website's security was falling short and to understand why these weaknesses hadn't been resolved by their temporary and partial fixes," Pope said. "With guidance from our team, they were able to take steps to resolve the weaknesses and keep the attacker out for good."
The government increased funding for Cert NZ in this year's budget, adding $3.9 million over four years to help prevent cybercrime.