Online break-ins cause big losses
Scammers gaining unauthorised access to people's devices and online accounts is causing New Zealanders to lose money, a recent report shows.
Of the $6.6m financial loss reported to NCSC between April and June 2024, $3.6m was from unauthorised access.
Unauthorised access is when someone, typically an online scammer, gains access to your device or your online accounts such as your social media, your email or your bank accounts. Once they are in, scammers can steal your money or use your credentials to scam you and people you know in the future.
Reports received by NCSC show that these online attackers are succeeding. Loss from unauthorised access went up from $360,000 in Q1 to $3.6m this quarter.
How do they get in?
Scammers need your password to get into your accounts. A very common tactic we see scammers using to steal passwords is to send you phishing emails or text messages with fake links, asking you to click on them. These links lead to webpages that ask you to log in or sign up. Any important information you enter there will go to these scammers.
It is important to learn to identify a phishing message when you see one.
Protect yourself against email scams
They can also get their hands on your password in a data leak, or by installing malware on your computer or phone. If you have a weak password, they can sometimes guess it by using automated software.
Put strong locks to keep the thieves away
The best way to protect against unauthorised access is to create good passwords and to use two-factor authentication (2FA). A good password is long, strong and unique – which means you do not use the same password for all your accounts. When you use two-factor authentication, you add an extra layer of protection to your accounts and online attackers cannot break in even if they have your password.
How to create good passwords
Use two-factor authentication to protect your accounts
The Cyber Security Insights report for Q2 2024 on CERT NZ describes how scammers are using new technology for phishing scams. carrying out phishing campaigns by using new and evolving technology.