Cyber scams are continuing to evolve, with urgency, fear and opportunity used to dupe victims into parting with their money.
CERT NZ's Cyber Security Insights report for the first quarter of the year indicates the number of cyber incidents and the associated financial losses have dropped back a bit from the last quarter of 2021, but were still high.
"The previous quarter saw a spike due to the prevalent Flubot campaign which used text messages to install malicious malware on New Zealanders' devices," CERT director Rob Pope said.
CERT received 2333 reports in the three months ended March, which was an increase of 63 percent from the same quarter last year.
There were direct financial losses of $3.7 million, which was up 23 percent on the year earlier.
Phishing and credential harvesting made up 59 percent of all reports.
Pope said phishing had been around for decades but had evolved over that time.
He said scammers often stole people's personal credentials to gain unauthorised access to accounts and systems, which could provide a gateway to other scams.
"Attackers change their tactics to reflect current events and use social engineering triggers, like urgency, fear and opportunity," he said.
"Phishing is a major concern as it's simple to do, from a technical perspective, and it's a gateway to other kinds of incidents."
Pope said it was helpful to report phishing attempts to CERT, because it could help stop others from falling victim to a scam.
Another concern was a rise in scams involving NFTs (non-fungible tokens), which had become popular.
"This new form of investment has created a rich avenue of opportunity for scammers, who are always looking for an edge," Pope said.
NFTs appeal to attackers as they were mostly unregulated, and payments were difficult to reverse or retrieve.
He said the NFT market could be heavily hyped with high-profile projects, sparking a fear of missing out.