Computerworld

CERTNZ reports scams and fraud almost double in three months

Webcam blackmail and payment scams rise
  • Stuart Corner (Computerworld New Zealand)
  • 07 December, 2018 14:54

CERTNZ says the number of scam and fraud incidents reported to it increased 90 percent from 104 in Q2 2018, to 198 in Q3, with webcam blackmail and payment scams making the largest contribution to the increase.

The findings come from the latest quarterly report from CERTNZ, a cyber security unit within the Ministry of Business, Innovation and Employment.

"This jump was led by a large number of webcam and password extortion scam reports (46), and a number of smaller campaigns including invoice scams and Facebook-based scams (25), many of which CERT NZ and NZ Police have responded to, CERTNZ said.

In response to the reported increase CERTNZ issued, on 23 July, an advisory about the increase in webcam and password blackmail scams.  It said the webcam campaign is being experienced internationally and was affecting large numbers of everyday New Zealanders.

Other significant increases reported in its latest quarterly report were a 28 percent increase in unauthorised access incidents from 71 to 91, and a 283 percent increase in malware reports from six to 23.

Direct financial losses reported to it resulting from incidents were up 35 percent to $3.0m. Losses reported by organisations accounted for 46 percent of the total and individuals 54 percent. $2.1m of the total losses resulted from just nine of the 156 financial loss incidents reported.

Simple protections not implemented

CERT NZ says businesses can protect themselves against email spoofing with solutions such as DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).

Earlier this year Computerworld reported Scott Manion, associate market analyst at IDC, saying New Zealanders could greatly increase their protection from cyber threats by taking up DMARC, which protects domain name owners from having their domain name spoofed to send bogus email messages, and Quad9, a DNS service where the servers incorporate security tools from several of the industry’s leading cyber security companies. However he claimed uptake of these techniques was minimal.

Manion had taken a straw poll of attendees at a security conference and found minimal uptake. “This is a room full of Auckland’s best security ‘professionals’, and yet not even 10 percent could be bothered to take the quick and easy steps toward cyber protection in their personal lives," he said.