Email-related attacks cost New Zealanders close to one million dollars

Cyber attacks circulated by email posed the greatest threat to New Zealanders’ cyber safety between July and September this year, CERT NZ said in a press release.

According to CERT NZ, the government agency which supports organizations and individuals affected by cybersecurity incidents, reports of business email compromise was up by 101% from quarter two with $944,000 direct financial loss. 

During the same period, there was a surge in reports about a variation of malware called Emotet, which is spread through a link or attachment in an email, resulting in a 34% increase in malware reports made to CERT NZ from the previous quarter.  

“Email is widely used and trusted both in business and our personal lives. This, unfortunately, makes it an easy target for cyber attackers who are looking to make a quick buck,” says CERT NZ’s Director Rob Pope.

Attackers use business email accounts to carry out a range of scams, such as putting false bank account details on invoices sent to customers. They gain access in several ways, including guessing or ‘cracking’ weak account passwords, finding out passwords through data leaks online, or collecting login information through phishing campaigns.

“The good news is that the risk of these attacks, impacting you or your business, can be mitigated with a few simple steps,” says Mr. Pope.

Figures from CERT NZ’s quarterly report also reveal reports of cybersecurity incidents are at an all-time high, with 2,610 reports made to the government agency in the third quarter of 2020 resulting in $6.4 million of direct financial loss from all incidents that occurred.

“This is not surprising given the state of play over the last three months with a spate of distributed denial of service (DDoS) attacks, ransomware attacks, and online scams. These incidents serve as a wake-up call for Kiwis to tighten up their online security.”