People are losing more money to fraud and online scams. Photo: Pixabay/shafin_protic
People are losing more money to fraud and online scams, with recent months bringing the second highest total loss figure on record.
There has been a 14.7 percent quarterly increase in financial loss reported by New Zealanders, according to the National Cyber Security Centre's Cyber Security Insights report for the year's first quarter.
From 1 January to 31 March, a total of 1369 incidents were reported.
Of those, 77 were triaged for specialist support because they were of "potential national significance".
It equalled a financial losses of $7.8 million, up from $6.8 million in the previous quarter.
The largest ever was $8.9 million, recorded in the third quarter of 2022.
Response and investigations team lead Tom Roberts said many of those losses came from scam and fraud.
"Particularly through business email compromise - where an attacker targets the email systems of a business to obtain money or information - and unauthorised money transfers," Roberts said.
"The true scale of losses is likely to be much greater, since we know only a small proportion of losses are reported to us. We urge people to be cautious online because bad actors are always waiting for an opportunity to steal money or information."
Director of mission enablement Mike Jagusch said the difference this quarter was that it was mostly businesses reporting losses, rather than individuals.
The report showed more than half of the losses reported to the NCSC were to businesses, with criminals often targeting law firms or real estate agencies which handled large transactions.
"A business email compromise is an attack where a bad actor looks to gain access to an organisation's email system, and then they use that email access to trick staff, or clients, or another organisation, into paying them money."
That could take the form of a fake invoice, sent from the organisation's own email account, listing the attacker's email address as the destination for payment.
Jagusch said organisations should make sure staff were using long, strong, unique passwords and that they have multi-factor authentication turned on, to make it harder to break into their email systems.
According to the report, there were 10 recorded incidents in which more than $100,000 was lost.
With 486 total reports, "scams and fraud" was again the most reported incident category. The second-highest was "phishing and credential harvesting" with 440.
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
