Online criminals seize pandemic opportunity

More New Zealanders than ever were on the wrong end of phishing, fraud, ransomware and malware incidents in the three months to September.

Cert, the Computer Emergency Response Team, says 2610 incidents were reported in the quarter. That’s up 33 percent on the previous quarter and close to double the level of the same time a year earlier.

The cost of crime is rising even faster than the number of incidents. Cert says people reported crimes worth $6.4 million in the quarter. Again that’s almost double the same period a year earlier.

Cert is the government agency set up to help and advise businesses, other government agencies and individuals who face online criminals.

Reported crime is only part of the story

It points out the numbers reflect reported crimes, the actual level of incidents and losses incurred will be higher. It could be much higher. People aren’t willing to admit being duped. Nor do they want anyone to see them as victims.

While phishing and credential harvesting were the most reported incidents, distributed denial of service attacks on high profile organisations like the NZX made headlines during the quarter.

The quarter saw the emergence of Emotet, malicious software spread by email. If users click on links in the message, the software will install and steal sensitive data including passwords.

Security software

You can use security software to help guard against malware.

Not everyone needs security software; there is a downside to relying on technology to protect you from online criminals.

If you are confident and tech savvy, save the money you’d spend on malware. Invest it in making better backups so you can recover faster if hit by, say, a ransomware attack. Buy at least one local external drive and find a cloud service you can work with.

Less confident users might prefer security software. It should stop malware from infecting your computers. Keep in mind that it won’t protect you from most other online attacks. Anti-malware software can lead to a false sense of security.

Fraud and phishing tend to work by convincing you to click on links or hand over information. It’s hard for software to fix that.