Thursday, 30 November 2023
KaitaiaWhangareiDargavilleAucklandThamesTaurangaHamiltonWhakataneRotoruaTokoroaTe KuitiTaumarunuiTaupoGisborneNew PlymouthNapierHastingsDannevirkeWhanganuiPalmerston NorthLevinParaparaumuMastertonWellingtonMotuekaNelsonBlenheimWestportReeftonKaikouraGreymouthHokitikaChristchurchAshburtonTimaruWanakaOamaruQueenstownDunedinGoreInvercargill
NZ HeraldThe Northern AdvocateThe Northland AgeThe AucklanderWaikato HeraldBay Of Plenty TimesRotorua Daily PostHawke's Bay TodayWhanganui ChronicleThe Stratford PressManawatu GuardianKapiti NewsHorowhenua ChronicleTe Awamutu CourierVivaEat WellOneRoofDRIVEN Car GuideThe CountryPhoto SalesiHeart RadioRestaurant Hub
Voyager 2023 media awards
Subscribe

Advertisement

Advertise with NZME.
Home / New Zealand

Scammers siphon millions from Kiwi victims in elaborate cyber attacks

By
Lane Nichols
22 Nov, 2022 07:25 PM5 mins to read
Saveshare

Share this article

facebookcopy linktwitterlinkedinredditemail
Scammers siphon millions from Kiwis, low interest rates a thing of the past and wild weather warnings are in place in the latest New Zealand Herald headlines. Video / NZ Herald

The Government’s cyber security agency has recorded a “massive” jump in online fraud, with scammers draining nearly $9 million from unsuspecting victims in just three months.

Twelve victims lost more than $100,000 each as cyber criminals deployed a devious array of elaborate scams to trick people into giving over their money and personal details, or infiltrated their computers and bank accounts through malware or remote access trojan software.

Data obtained by the Herald from CERT NZ shows the agency received more than 10,000 cyber security reports in the last year relating to phishing attacks, scams and fraud, unauthorised access to email or bank accounts, denial of service attempts, ransom or malware attacks and compromised websites.

The agency admits such attacks are “widespread” with many more going unreported. CERT NZ director Rob Pope earlier told the Herald that the numbers reported to his agency were just the “tip of the iceberg” due to many businesses and people being too sheepish to admit they’ve been taken in by scammers.

Advertisement

Advertise with NZME.

Cyber criminals obtained nearly $9m in the last quarter alone (July-September) - a huge spike on the previous quarter ($3.9m) and the quarter before that ($3.7m).

CERT NZ says the number of reported incidents has remained reasonably static in recent months, but the number of attacks resulting in loss through fraudulent criminal activity and unauthorised access to victims’ accounts has jumped by about 30 per cent.

The figures include cases like the Invercargill pensioner who lost $134,000 when thieves infiltrated his SBS Bank accounts in July, changed his listed mobile phone numbers to skirt the bank’s two-factor authentication security checks, then drained the money in 11 unauthorised transactions.

SBS has refused to refund the victim and the matter is now under investigation by the Banking Ombudsman.

Advertisement

Advertise with NZME.

CERT NZ threat and incident response manager Jordan Heersping said the most common cyber security incident involved phishing attacks, when victims were contacted by malicious actors pretending to be from a bank, internet provider, government agency or financial institution, and convinced to hand over their user names and passwords.

CERT NZ threat and incident response manager Jordan Heersping says scam victims have been "fooled" by criminals. Photo / Supplied/123rf
CERT NZ threat and incident response manager Jordan Heersping says scam victims have been "fooled" by criminals. Photo / Supplied/123rf

Phishing attacks could also involve victims clicking on suspect links which then download malicious software to a person’s device, harvesting their personal information and sending it back to the scammers to access bank or email accounts.

These attacks were a “constant threat”. The emails were often well-crafted and difficult to spot, Heersping said.

CERT NZ has also recorded a big jump in unauthorised access incidents. Victims may have approved a charge, for instance to receive a non-existent courier parcel, but criminals were then able to set up recurring withdrawals from the victim’s account.

Related articles

Business

Spy agency says 170,000 cyberattacks launched on NZ

19 Sep 05:35 AM
Business

Spy boss: Putin-supporting cybercrims could target NZ with revenge attacks

25 May 05:00 PM
Business

Cyber-attacks: Five ways NZ is asleep at the wheel

15 Mar 02:00 AM
Business

Cyber attacks: The one move Govt must make to deter hackers

13 Sep 05:35 AM

Heersping said many attacks reported to CERT NZ originated overseas. The agency helped victims work with banks to recover stolen money and tried to educate people about the latest scams.

Victims typically lost between $100 and $1000, but elaborate romance or investment scams could see hundreds of thousands of dollars drained, at huge financial and emotional cost.

“For a lot people, the effect of a cyber attack will have quite a knock-on effect on their mental health.

“We see everything from a couple of dollars to a lot of money, and that’s both across businesses and individuals.”

The Herald has reported on two recent cases where cyber criminals accessed pensioners’ online accounts to steal money and the banks refused to reimburse the victims, claiming they had not taken adequate precautions.

Under the Code of Banking Practice, banks are obligated to refund customers for unauthorised withdraws unless the victims acted fraudulently or were “wilfully negligent”.

Advertisement

Advertise with NZME.

Asked about liability, Heersping said scam victims had been “fooled”.

“You’re not deliberately giving your details to a malicious actor. You’re tricked into it. It can be quite hard to tell.

“I’d say they’re no more liable than if someone’s jimmied their window open and stole their TV.

“There might be things they can do [to keep themselves safe], but the reality is they’re victims of a crime and I wouldn’t put the onus on individuals for falling for a phishing attack.”

Heersping said compromised devices could be “cleaned”, which involved a forensic check for malware, often returning the computer or phone to factory settings.

However, most people did not know what to look for and may not realise their device had been compromised until it was too late.

Advertisement

Advertise with NZME.

The quicker fraudulent transaction were reported, the more likely the money could be recovered by banks, Heersping said.

It was crucial to educate people about what to look out for and how to protect themselves online.

Police said they and other government agencies would never contact someone of the blue asking for their password, credit card or bank details.

Anyone who believed they had fallen victim to a scam, in person, over the phone or online, should contact police.

“Police acknowledge the financial and emotional distress that falling victim to online scams can cause, and recommend taking a cautious approach to unsolicited emails and approaches online. Trust your gut instinct - if it doesn’t feel right, it probably isn’t.”

Consumer Protection NZ has information on how to prevent yourself, family and friends from being scammed.

Advertisement

Advertise with NZME.

The Financial Markets Authority provides advice to help avoid falling victim to online investment scams.

CERT NZ provides advice on how to respond to and avoid cyber security incidents.

TIPS TO STAY SAFE

  • Use two-factor authentication for added security.
  • Never give out your username, password or 2FA codes.
  • Be aware of phishing attacks and think twice about clicking on suspect links.
  • Report any malicious cyber attacks to CERT NZ.
Saveshare

Share this article

facebookcopy linktwitterlinkedinredditemail

Advertisement

Advertise with NZME.

Latest from New Zealand

New Zealand

Thirteen fire appliances tackling blaze at Auckland refuse station

29 Nov 08:25 AM
New Zealand

Te Pāti Māori co-leader says smokefree reversal ‘systemic genocide’

29 Nov 07:54 AM
New Zealand

Focus: The White Lady faces a bun shortage

New Zealand

Restaurant axe attacker acquitted on grounds of insanity

29 Nov 07:07 AM

Top toys of 2023 for kids & ‘kidults’

sponsored

Advertisement

Advertise with NZME.

Latest from New Zealand

Thirteen fire appliances tackling blaze at Auckland refuse station

Thirteen fire appliances tackling blaze at Auckland refuse station

29 Nov 08:25 AM

Police and 13 fire appliances are attending an incident on the North Shore.

Te Pāti Māori co-leader says smokefree reversal ‘systemic genocide’

Te Pāti Māori co-leader says smokefree reversal ‘systemic genocide’

29 Nov 07:54 AM
Focus: The White Lady faces a bun shortage

Focus: The White Lady faces a bun shortage

Restaurant axe attacker acquitted on grounds of insanity

Restaurant axe attacker acquitted on grounds of insanity

29 Nov 07:07 AM
Toy trends for Christmas
sponsored

Toy trends for Christmas

About NZMEHelp & SupportContact UsSubscribe to NZ HeraldHouse Rules
Manage Your Print SubscriptionNZ Herald E-EditionAdvertise with NZMEBook Your AdPrivacy Policy
Terms of UseCompetition Terms & ConditionsSubscriptions Terms & Conditions
© Copyright 2023 NZME Publishing Limited
TOP