What’s New?

Cert NZ has released its first quarterly report for 2021. The Cert NZ reports provide an interesting snapshot of recent cyber security incidents reported by both individuals and organisations in New Zealand.

The latest report shows that a total of 1,431 incident reports were made to CERT NZ in the first quarter of 2021, involving losses of almost $3 million.

Notable Increases

Reports of ‘unauthorised access’ increased significantly this quarter.

Unauthorised access involves an attacker gaining access to an account without your knowledge. Often this happens because of weak passwords, or login credentials that have been leaked in a data breach or via a phishing attack.

Once an attacker has access to your accounts they can carry out a range of attacks including stealing sensitive data, and intercepting bill payments and invoices.

Using strong and unique passwords and multi factor authentication on all accounts will help prevent unauthorised access.

Notable Decreases

There was a sizeable decrease in reports of malware reported to CERT from Q4 2020, mainly due to international agencies having successfully dismantled the Emotet malware infrastructure.

Phishing and Credential Harvesting

Phishing and credential harvesting is still one of the most reported incident types at CERT, making up 46% of all incident reports in Q1.

By reporting phishing incidents to CERT, the public can help to disrupt campaigns by ensuring that CERT’s partners are informed and can block or stop those emails in the future, so ensure that you report any phishing via CERT’s online tool.

Be constantly vigilant of phishing emails as they can look remarkably convincing. Just one click is enough to lead to a significant breach.

COVID-19 scams

The COVID-19 vaccination rollout is providing a number of opportunities for attackers to trick people into sharing their financial and personal information.

Some scams try to collect payments for vaccinations or prioritisation for appointments, and others attempt to collect login credentials like usernames and passwords. In Q1, CERT only responded to a small number of COVID-19 vaccine-related scams, but they anticipate that the volume will increase.

Just remember that the vaccine is free and you won’t be asked to pay for it, or a place in the queue. If you are, it’s likely a scam.


At any time, if you receive a scam or phishing email, or are concerned that your accounts have been compromised, be sure to contact CERT.

And speak to us today about how we can help protect you, your sensitive information, and your business against scammers.